mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-05 11:02:42 +00:00
Compare commits
52 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 61acc755c6 | |||
| 3d8c8d969c | |||
| 68096ef2ab | |||
| df94276c31 | |||
| 8040c32810 | |||
| 76f5417f04 | |||
| 208c738b83 | |||
| 432ee9898e | |||
| c120e07c25 | |||
| 8563ee9ec9 | |||
2f9c779b15
|
|||
|
5fa9a3b505
|
|||
|
3b0cd75cbd
|
|||
|
12fc2d8a9b
|
|||
| e9b951cb68 | |||
| 95d653f26e | |||
| bd4818e993 | |||
| 16237ad930 | |||
| 347d09a4c2 | |||
|
0ab8b1f8f2
|
|||
|
4f091b65e2
|
|||
|
86ee500c6d
|
|||
| 005c6fe7cd | |||
| bd5ef054ea | |||
| 182d76b2ae | |||
| 67f1526d19 | |||
| ef4db53567 | |||
| 8535dadcad | |||
| e1f5a00d90 | |||
| 3b12f672f0 | |||
| 462db2bdfa | |||
| 2abaf2f4dd | |||
| a0ebda314e | |||
| 5334e869ed | |||
| 011efec32b | |||
| 1c527faa04 | |||
| ca9a13c544 | |||
| 0d0a0a822c | |||
| ef286ae706 | |||
| d421e81045 | |||
| 2176a3a2de | |||
| 65874da53c | |||
| b3ceb64052 | |||
| ab0b61db10 | |||
| 31ff6160eb | |||
| 960a328ea7 | |||
| 3111447b96 | |||
| b506f74950 | |||
| e0933d6521 | |||
| 2d6b59e94b | |||
| 7a73aae321 | |||
| da1a7709fa |
2
.github/workflows/crowdin.yml
vendored
2
.github/workflows/crowdin.yml
vendored
@ -14,7 +14,7 @@ jobs:
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: crowdin action
|
||||
uses: crowdin/github-action@1.4.9
|
||||
uses: crowdin/github-action@1.4.12
|
||||
with:
|
||||
upload_sources: true
|
||||
upload_sources_args: '--auto-update --delete-obsolete'
|
||||
|
||||
@ -1,19 +1,24 @@
|
||||
name: 📦 Deploy Website
|
||||
name: 🛠️ Deploy to GitHub Pages
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
release:
|
||||
types: [published]
|
||||
|
||||
# Allow one concurrent deployment
|
||||
concurrency:
|
||||
group: "pages"
|
||||
cancel-in-progress: true
|
||||
|
||||
env:
|
||||
PYTHON_VERSION: 3.x
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build website
|
||||
name: Build
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
@ -22,14 +27,17 @@ jobs:
|
||||
repository: ${{github.event.pull_request.head.repo.full_name}}
|
||||
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
|
||||
submodules: 'true'
|
||||
|
||||
- name: Pages setup
|
||||
uses: actions/configure-pages@v1
|
||||
|
||||
- name: Set up Python runtime
|
||||
- name: Python setup
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.7'
|
||||
|
||||
- name: Cache files
|
||||
uses: actions/cache@v3.0.4
|
||||
uses: actions/cache@v3.0.7
|
||||
with:
|
||||
key: ${{ github.ref }}
|
||||
path: .cache
|
||||
@ -40,34 +48,35 @@ jobs:
|
||||
pipenv install
|
||||
|
||||
- name: Build website
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
pipenv run mkdocs build
|
||||
pipenv run mkdocs build --config-file mkdocs.production.yml
|
||||
mv .well-known site/
|
||||
tar cvf site.tar site
|
||||
pipenv run mkdocs --version
|
||||
|
||||
- name: Package website
|
||||
uses: actions/upload-artifact@v3
|
||||
uses: actions/upload-pages-artifact@v1
|
||||
with:
|
||||
name: generated-site
|
||||
path: site.tar
|
||||
path: site
|
||||
|
||||
|
||||
|
||||
deploy:
|
||||
name: Rsync Deploy
|
||||
runs-on: ubuntu-latest
|
||||
environment: production
|
||||
name: Deploy
|
||||
needs: build
|
||||
|
||||
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
|
||||
permissions:
|
||||
pages: write # to deploy to Pages
|
||||
id-token: write # to verify the deployment originates from an appropriate source
|
||||
|
||||
environment:
|
||||
name: github-pages
|
||||
url: ${{ steps.deployment.outputs.page_url }}
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Download generated Jekyll site
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: generated-site
|
||||
- run: tar xvf site.tar
|
||||
- name: Copy built site to production
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
|
||||
chmod 700 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ secrets.SSH_HOST }} >> ~/.ssh/known_hosts
|
||||
rsync -azP --delete site/ ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:${{ secrets.SSH_PATH }}
|
||||
- name: Deploy to GitHub Pages
|
||||
id: deployment
|
||||
uses: actions/deploy-pages@main
|
||||
6
.github/workflows/preview.yml
vendored
6
.github/workflows/preview.yml
vendored
@ -3,7 +3,7 @@ name: 🔂 Surge PR Preview
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [opened, synchronize, reopened]
|
||||
|
||||
|
||||
# Ensures that only one mirror task will run at a time.
|
||||
concurrency:
|
||||
group: surge-sh
|
||||
@ -33,6 +33,8 @@ jobs:
|
||||
|
||||
- name: Deploy to surge.sh
|
||||
uses: afc163/surge-preview@v1
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
surge_token: ${{ secrets.SURGE_TOKEN }}
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
@ -41,4 +43,4 @@ jobs:
|
||||
build: |
|
||||
pip install pipenv
|
||||
pipenv install
|
||||
pipenv run mkdocs build
|
||||
pipenv run mkdocs build --config-file mkdocs.production.yml
|
||||
|
||||
3
.gitmodules
vendored
3
.gitmodules
vendored
@ -4,6 +4,3 @@
|
||||
[submodule "docs/assets/brand"]
|
||||
path = docs/assets/brand
|
||||
url = https://github.com/privacyguides/brand.git
|
||||
[submodule "docs/blog"]
|
||||
path = docs/blog
|
||||
url = https://github.com/privacyguides/blog.git
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
Contact: jonah@triplebit.net
|
||||
Encryption: https://www.jonaharagon.com/keys/
|
||||
Contact: mailto:jonah@triplebit.net
|
||||
Expires: 2024-01-01T18:00:00.000Z
|
||||
Preferred-Languages: en
|
||||
Canonical: https://privacyguides.org/.well-known/security.txt
|
||||
Canonical: https://www.privacyguides.org/.well-known/security.txt
|
||||
Policy: https://github.com/privacyguides/privacyguides.org/security/policy
|
||||
|
||||
1
Pipfile
1
Pipfile
@ -11,6 +11,7 @@ mkdocs-git-revision-date-localized-plugin = "*"
|
||||
typing-extensions = "*"
|
||||
mkdocs-minify-plugin = "*"
|
||||
mkdocs-rss-plugin = "*"
|
||||
mkdocs-git-committers-plugin-2 = "*"
|
||||
|
||||
[dev-packages]
|
||||
scour = "*"
|
||||
|
||||
647
Pipfile.lock
generated
647
Pipfile.lock
generated
@ -1,7 +1,7 @@
|
||||
{
|
||||
"_meta": {
|
||||
"hash": {
|
||||
"sha256": "ce0d93277762e5052d095796291285ed1ff44183570f08ebfa71b76619eee48e"
|
||||
"sha256": "ce2630991a262d8ca83cfc13f70347f8fdd9f9d07c281ea753f5fc52f3aebbd6"
|
||||
},
|
||||
"pipfile-spec": 6,
|
||||
"requires": {
|
||||
@ -18,11 +18,11 @@
|
||||
"default": {
|
||||
"babel": {
|
||||
"hashes": [
|
||||
"sha256:3f349e85ad3154559ac4930c3918247d319f21910d5ce4b25d439ed8693b98d2",
|
||||
"sha256:98aeaca086133efb3e1e2aad0396987490c8425929ddbcfe0550184fdc54cd13"
|
||||
"sha256:7614553711ee97490f732126dc077f8d0ae084ebc6a96e23db1482afabdb2c51",
|
||||
"sha256:ff56f4892c1c4bf0d814575ea23471c230d544203c7748e8c68f0089478d48eb"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2.10.1"
|
||||
"version": "==2.10.3"
|
||||
},
|
||||
"cairocffi": {
|
||||
"hashes": [
|
||||
@ -41,74 +41,88 @@
|
||||
},
|
||||
"certifi": {
|
||||
"hashes": [
|
||||
"sha256:9c5705e395cd70084351dd8ad5c41e65655e08ce46f2ec9cf6c2c08390f71eb7",
|
||||
"sha256:f1d53542ee8cbedbe2118b5686372fb33c297fcd6379b050cca0ef13a597382a"
|
||||
"sha256:84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d",
|
||||
"sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2022.5.18.1"
|
||||
"version": "==2022.6.15"
|
||||
},
|
||||
"cffi": {
|
||||
"hashes": [
|
||||
"sha256:00c878c90cb53ccfaae6b8bc18ad05d2036553e6d9d1d9dbcf323bbe83854ca3",
|
||||
"sha256:0104fb5ae2391d46a4cb082abdd5c69ea4eab79d8d44eaaf79f1b1fd806ee4c2",
|
||||
"sha256:06c48159c1abed75c2e721b1715c379fa3200c7784271b3c46df01383b593636",
|
||||
"sha256:0808014eb713677ec1292301ea4c81ad277b6cdf2fdd90fd540af98c0b101d20",
|
||||
"sha256:10dffb601ccfb65262a27233ac273d552ddc4d8ae1bf93b21c94b8511bffe728",
|
||||
"sha256:14cd121ea63ecdae71efa69c15c5543a4b5fbcd0bbe2aad864baca0063cecf27",
|
||||
"sha256:17771976e82e9f94976180f76468546834d22a7cc404b17c22df2a2c81db0c66",
|
||||
"sha256:181dee03b1170ff1969489acf1c26533710231c58f95534e3edac87fff06c443",
|
||||
"sha256:23cfe892bd5dd8941608f93348c0737e369e51c100d03718f108bf1add7bd6d0",
|
||||
"sha256:263cc3d821c4ab2213cbe8cd8b355a7f72a8324577dc865ef98487c1aeee2bc7",
|
||||
"sha256:2756c88cbb94231c7a147402476be2c4df2f6078099a6f4a480d239a8817ae39",
|
||||
"sha256:27c219baf94952ae9d50ec19651a687b826792055353d07648a5695413e0c605",
|
||||
"sha256:2a23af14f408d53d5e6cd4e3d9a24ff9e05906ad574822a10563efcef137979a",
|
||||
"sha256:31fb708d9d7c3f49a60f04cf5b119aeefe5644daba1cd2a0fe389b674fd1de37",
|
||||
"sha256:3415c89f9204ee60cd09b235810be700e993e343a408693e80ce7f6a40108029",
|
||||
"sha256:3773c4d81e6e818df2efbc7dd77325ca0dcb688116050fb2b3011218eda36139",
|
||||
"sha256:3b96a311ac60a3f6be21d2572e46ce67f09abcf4d09344c49274eb9e0bf345fc",
|
||||
"sha256:3f7d084648d77af029acb79a0ff49a0ad7e9d09057a9bf46596dac9514dc07df",
|
||||
"sha256:41d45de54cd277a7878919867c0f08b0cf817605e4eb94093e7516505d3c8d14",
|
||||
"sha256:4238e6dab5d6a8ba812de994bbb0a79bddbdf80994e4ce802b6f6f3142fcc880",
|
||||
"sha256:45db3a33139e9c8f7c09234b5784a5e33d31fd6907800b316decad50af323ff2",
|
||||
"sha256:45e8636704eacc432a206ac7345a5d3d2c62d95a507ec70d62f23cd91770482a",
|
||||
"sha256:4958391dbd6249d7ad855b9ca88fae690783a6be9e86df65865058ed81fc860e",
|
||||
"sha256:4a306fa632e8f0928956a41fa8e1d6243c71e7eb59ffbd165fc0b41e316b2474",
|
||||
"sha256:57e9ac9ccc3101fac9d6014fba037473e4358ef4e89f8e181f8951a2c0162024",
|
||||
"sha256:59888172256cac5629e60e72e86598027aca6bf01fa2465bdb676d37636573e8",
|
||||
"sha256:5e069f72d497312b24fcc02073d70cb989045d1c91cbd53979366077959933e0",
|
||||
"sha256:64d4ec9f448dfe041705426000cc13e34e6e5bb13736e9fd62e34a0b0c41566e",
|
||||
"sha256:6dc2737a3674b3e344847c8686cf29e500584ccad76204efea14f451d4cc669a",
|
||||
"sha256:74fdfdbfdc48d3f47148976f49fab3251e550a8720bebc99bf1483f5bfb5db3e",
|
||||
"sha256:75e4024375654472cc27e91cbe9eaa08567f7fbdf822638be2814ce059f58032",
|
||||
"sha256:786902fb9ba7433aae840e0ed609f45c7bcd4e225ebb9c753aa39725bb3e6ad6",
|
||||
"sha256:8b6c2ea03845c9f501ed1313e78de148cd3f6cad741a75d43a29b43da27f2e1e",
|
||||
"sha256:91d77d2a782be4274da750752bb1650a97bfd8f291022b379bb8e01c66b4e96b",
|
||||
"sha256:91ec59c33514b7c7559a6acda53bbfe1b283949c34fe7440bcf917f96ac0723e",
|
||||
"sha256:920f0d66a896c2d99f0adbb391f990a84091179542c205fa53ce5787aff87954",
|
||||
"sha256:a5263e363c27b653a90078143adb3d076c1a748ec9ecc78ea2fb916f9b861962",
|
||||
"sha256:abb9a20a72ac4e0fdb50dae135ba5e77880518e742077ced47eb1499e29a443c",
|
||||
"sha256:c2051981a968d7de9dd2d7b87bcb9c939c74a34626a6e2f8181455dd49ed69e4",
|
||||
"sha256:c21c9e3896c23007803a875460fb786118f0cdd4434359577ea25eb556e34c55",
|
||||
"sha256:c2502a1a03b6312837279c8c1bd3ebedf6c12c4228ddbad40912d671ccc8a962",
|
||||
"sha256:d4d692a89c5cf08a8557fdeb329b82e7bf609aadfaed6c0d79f5a449a3c7c023",
|
||||
"sha256:da5db4e883f1ce37f55c667e5c0de439df76ac4cb55964655906306918e7363c",
|
||||
"sha256:e7022a66d9b55e93e1a845d8c9eba2a1bebd4966cd8bfc25d9cd07d515b33fa6",
|
||||
"sha256:ef1f279350da2c586a69d32fc8733092fd32cc8ac95139a00377841f59a3f8d8",
|
||||
"sha256:f54a64f8b0c8ff0b64d18aa76675262e1700f3995182267998c31ae974fbc382",
|
||||
"sha256:f5c7150ad32ba43a07c4479f40241756145a1f03b43480e058cfd862bf5041c7",
|
||||
"sha256:f6f824dc3bce0edab5f427efcfb1d63ee75b6fcb7282900ccaf925be84efb0fc",
|
||||
"sha256:fd8a250edc26254fe5b33be00402e6d287f562b6a5b2152dec302fa15bb3e997",
|
||||
"sha256:ffaa5c925128e29efbde7301d8ecaf35c8c60ffbcd6a1ffd3a552177c8e5e796"
|
||||
"sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5",
|
||||
"sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef",
|
||||
"sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104",
|
||||
"sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426",
|
||||
"sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405",
|
||||
"sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375",
|
||||
"sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a",
|
||||
"sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e",
|
||||
"sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc",
|
||||
"sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf",
|
||||
"sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185",
|
||||
"sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497",
|
||||
"sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3",
|
||||
"sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35",
|
||||
"sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c",
|
||||
"sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83",
|
||||
"sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21",
|
||||
"sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca",
|
||||
"sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984",
|
||||
"sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac",
|
||||
"sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd",
|
||||
"sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee",
|
||||
"sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a",
|
||||
"sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2",
|
||||
"sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192",
|
||||
"sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7",
|
||||
"sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585",
|
||||
"sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f",
|
||||
"sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e",
|
||||
"sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27",
|
||||
"sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b",
|
||||
"sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e",
|
||||
"sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e",
|
||||
"sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d",
|
||||
"sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c",
|
||||
"sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415",
|
||||
"sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82",
|
||||
"sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02",
|
||||
"sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314",
|
||||
"sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325",
|
||||
"sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c",
|
||||
"sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3",
|
||||
"sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914",
|
||||
"sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045",
|
||||
"sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d",
|
||||
"sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9",
|
||||
"sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5",
|
||||
"sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2",
|
||||
"sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c",
|
||||
"sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3",
|
||||
"sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2",
|
||||
"sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8",
|
||||
"sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d",
|
||||
"sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d",
|
||||
"sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9",
|
||||
"sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162",
|
||||
"sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76",
|
||||
"sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4",
|
||||
"sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e",
|
||||
"sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9",
|
||||
"sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6",
|
||||
"sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b",
|
||||
"sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01",
|
||||
"sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0"
|
||||
],
|
||||
"version": "==1.15.0"
|
||||
"version": "==1.15.1"
|
||||
},
|
||||
"charset-normalizer": {
|
||||
"hashes": [
|
||||
"sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
|
||||
"sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
|
||||
"sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5",
|
||||
"sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413"
|
||||
],
|
||||
"markers": "python_version >= '3.0'",
|
||||
"version": "==2.0.12"
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2.1.0"
|
||||
},
|
||||
"click": {
|
||||
"hashes": [
|
||||
@ -174,24 +188,24 @@
|
||||
"sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff",
|
||||
"sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
|
||||
],
|
||||
"markers": "python_version >= '3.0'",
|
||||
"markers": "python_version >= '3.5'",
|
||||
"version": "==3.3"
|
||||
},
|
||||
"importlib-metadata": {
|
||||
"hashes": [
|
||||
"sha256:5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700",
|
||||
"sha256:c58c8eb8a762858f49e18436ff552e83914778e50e9d2f1660535ffb364552ec"
|
||||
"sha256:637245b8bab2b6502fcbc752cc4b7a6f6243bb02b31c5c26156ad103d3d45670",
|
||||
"sha256:7401a975809ea1fdc658c3aa4f78cc2195a0e019c5cbc4c06122884e9ae80c23"
|
||||
],
|
||||
"markers": "python_version < '3.10'",
|
||||
"version": "==4.11.4"
|
||||
"version": "==4.12.0"
|
||||
},
|
||||
"jinja2": {
|
||||
"hashes": [
|
||||
"sha256:077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8",
|
||||
"sha256:611bb273cd68f3b993fabdc4064fc858c5b47a973cb5aa7999ec1ba405c87cd7"
|
||||
"sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852",
|
||||
"sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==3.0.3"
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==3.1.2"
|
||||
},
|
||||
"jsmin": {
|
||||
"hashes": [
|
||||
@ -201,70 +215,79 @@
|
||||
},
|
||||
"lxml": {
|
||||
"hashes": [
|
||||
"sha256:078306d19a33920004addeb5f4630781aaeabb6a8d01398045fcde085091a169",
|
||||
"sha256:0c1978ff1fd81ed9dcbba4f91cf09faf1f8082c9d72eb122e92294716c605428",
|
||||
"sha256:1010042bfcac2b2dc6098260a2ed022968dbdfaf285fc65a3acf8e4eb1ffd1bc",
|
||||
"sha256:1d650812b52d98679ed6c6b3b55cbb8fe5a5460a0aef29aeb08dc0b44577df85",
|
||||
"sha256:20b8a746a026017acf07da39fdb10aa80ad9877046c9182442bf80c84a1c4696",
|
||||
"sha256:2403a6d6fb61c285969b71f4a3527873fe93fd0abe0832d858a17fe68c8fa507",
|
||||
"sha256:24f5c5ae618395ed871b3d8ebfcbb36e3f1091fd847bf54c4de623f9107942f3",
|
||||
"sha256:28d1af847786f68bec57961f31221125c29d6f52d9187c01cd34dc14e2b29430",
|
||||
"sha256:31499847fc5f73ee17dbe1b8e24c6dafc4e8d5b48803d17d22988976b0171f03",
|
||||
"sha256:31ba2cbc64516dcdd6c24418daa7abff989ddf3ba6d3ea6f6ce6f2ed6e754ec9",
|
||||
"sha256:330bff92c26d4aee79c5bc4d9967858bdbe73fdbdbacb5daf623a03a914fe05b",
|
||||
"sha256:5045ee1ccd45a89c4daec1160217d363fcd23811e26734688007c26f28c9e9e7",
|
||||
"sha256:52cbf2ff155b19dc4d4100f7442f6a697938bf4493f8d3b0c51d45568d5666b5",
|
||||
"sha256:530f278849031b0eb12f46cca0e5db01cfe5177ab13bd6878c6e739319bae654",
|
||||
"sha256:545bd39c9481f2e3f2727c78c169425efbfb3fbba6e7db4f46a80ebb249819ca",
|
||||
"sha256:5804e04feb4e61babf3911c2a974a5b86f66ee227cc5006230b00ac6d285b3a9",
|
||||
"sha256:5a58d0b12f5053e270510bf12f753a76aaf3d74c453c00942ed7d2c804ca845c",
|
||||
"sha256:5f148b0c6133fb928503cfcdfdba395010f997aa44bcf6474fcdd0c5398d9b63",
|
||||
"sha256:5f7d7d9afc7b293147e2d506a4596641d60181a35279ef3aa5778d0d9d9123fe",
|
||||
"sha256:60d2f60bd5a2a979df28ab309352cdcf8181bda0cca4529769a945f09aba06f9",
|
||||
"sha256:6259b511b0f2527e6d55ad87acc1c07b3cbffc3d5e050d7e7bcfa151b8202df9",
|
||||
"sha256:6268e27873a3d191849204d00d03f65c0e343b3bcb518a6eaae05677c95621d1",
|
||||
"sha256:627e79894770783c129cc5e89b947e52aa26e8e0557c7e205368a809da4b7939",
|
||||
"sha256:62f93eac69ec0f4be98d1b96f4d6b964855b8255c345c17ff12c20b93f247b68",
|
||||
"sha256:6d6483b1229470e1d8835e52e0ff3c6973b9b97b24cd1c116dca90b57a2cc613",
|
||||
"sha256:6f7b82934c08e28a2d537d870293236b1000d94d0b4583825ab9649aef7ddf63",
|
||||
"sha256:6fe4ef4402df0250b75ba876c3795510d782def5c1e63890bde02d622570d39e",
|
||||
"sha256:719544565c2937c21a6f76d520e6e52b726d132815adb3447ccffbe9f44203c4",
|
||||
"sha256:730766072fd5dcb219dd2b95c4c49752a54f00157f322bc6d71f7d2a31fecd79",
|
||||
"sha256:74eb65ec61e3c7c019d7169387d1b6ffcfea1b9ec5894d116a9a903636e4a0b1",
|
||||
"sha256:7993232bd4044392c47779a3c7e8889fea6883be46281d45a81451acfd704d7e",
|
||||
"sha256:80bbaddf2baab7e6de4bc47405e34948e694a9efe0861c61cdc23aa774fcb141",
|
||||
"sha256:86545e351e879d0b72b620db6a3b96346921fa87b3d366d6c074e5a9a0b8dadb",
|
||||
"sha256:891dc8f522d7059ff0024cd3ae79fd224752676447f9c678f2a5c14b84d9a939",
|
||||
"sha256:8a31f24e2a0b6317f33aafbb2f0895c0bce772980ae60c2c640d82caac49628a",
|
||||
"sha256:8b99ec73073b37f9ebe8caf399001848fced9c08064effdbfc4da2b5a8d07b93",
|
||||
"sha256:986b7a96228c9b4942ec420eff37556c5777bfba6758edcb95421e4a614b57f9",
|
||||
"sha256:a1547ff4b8a833511eeaceacbcd17b043214fcdb385148f9c1bc5556ca9623e2",
|
||||
"sha256:a2bfc7e2a0601b475477c954bf167dee6d0f55cb167e3f3e7cefad906e7759f6",
|
||||
"sha256:a3c5f1a719aa11866ffc530d54ad965063a8cbbecae6515acbd5f0fae8f48eaa",
|
||||
"sha256:a9f1c3489736ff8e1c7652e9dc39f80cff820f23624f23d9eab6e122ac99b150",
|
||||
"sha256:aa0cf4922da7a3c905d000b35065df6184c0dc1d866dd3b86fd961905bbad2ea",
|
||||
"sha256:ad4332a532e2d5acb231a2e5d33f943750091ee435daffca3fec0a53224e7e33",
|
||||
"sha256:b2582b238e1658c4061ebe1b4df53c435190d22457642377fd0cb30685cdfb76",
|
||||
"sha256:b6fc2e2fb6f532cf48b5fed57567ef286addcef38c28874458a41b7837a57807",
|
||||
"sha256:b92d40121dcbd74831b690a75533da703750f7041b4bf951befc657c37e5695a",
|
||||
"sha256:bbab6faf6568484707acc052f4dfc3802bdb0cafe079383fbaa23f1cdae9ecd4",
|
||||
"sha256:c0b88ed1ae66777a798dc54f627e32d3b81c8009967c63993c450ee4cbcbec15",
|
||||
"sha256:ce13d6291a5f47c1c8dbd375baa78551053bc6b5e5c0e9bb8e39c0a8359fd52f",
|
||||
"sha256:db3535733f59e5605a88a706824dfcb9bd06725e709ecb017e165fc1d6e7d429",
|
||||
"sha256:dd10383f1d6b7edf247d0960a3db274c07e96cf3a3fc7c41c8448f93eac3fb1c",
|
||||
"sha256:e01f9531ba5420838c801c21c1b0f45dbc9607cb22ea2cf132844453bec863a5",
|
||||
"sha256:e11527dc23d5ef44d76fef11213215c34f36af1608074561fcc561d983aeb870",
|
||||
"sha256:e1ab2fac607842ac36864e358c42feb0960ae62c34aa4caaf12ada0a1fb5d99b",
|
||||
"sha256:e1fd7d2fe11f1cb63d3336d147c852f6d07de0d0020d704c6031b46a30b02ca8",
|
||||
"sha256:e9f84ed9f4d50b74fbc77298ee5c870f67cb7e91dcdc1a6915cb1ff6a317476c",
|
||||
"sha256:ec4b4e75fc68da9dc0ed73dcdb431c25c57775383fec325d23a770a64e7ebc87",
|
||||
"sha256:f10ce66fcdeb3543df51d423ede7e238be98412232fca5daec3e54bcd16b8da0",
|
||||
"sha256:f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23",
|
||||
"sha256:fa56bb08b3dd8eac3a8c5b7d075c94e74f755fd9d8a04543ae8d37b1612dd170",
|
||||
"sha256:fa9b7c450be85bfc6cd39f6df8c5b8cbd76b5d6fc1f69efec80203f9894b885f"
|
||||
"sha256:04da965dfebb5dac2619cb90fcf93efdb35b3c6994fea58a157a834f2f94b318",
|
||||
"sha256:0538747a9d7827ce3e16a8fdd201a99e661c7dee3c96c885d8ecba3c35d1032c",
|
||||
"sha256:0645e934e940107e2fdbe7c5b6fb8ec6232444260752598bc4d09511bd056c0b",
|
||||
"sha256:079b68f197c796e42aa80b1f739f058dcee796dc725cc9a1be0cdb08fc45b000",
|
||||
"sha256:0f3f0059891d3254c7b5fb935330d6db38d6519ecd238ca4fce93c234b4a0f73",
|
||||
"sha256:10d2017f9150248563bb579cd0d07c61c58da85c922b780060dcc9a3aa9f432d",
|
||||
"sha256:1355755b62c28950f9ce123c7a41460ed9743c699905cbe664a5bcc5c9c7c7fb",
|
||||
"sha256:13c90064b224e10c14dcdf8086688d3f0e612db53766e7478d7754703295c7c8",
|
||||
"sha256:1423631e3d51008871299525b541413c9b6c6423593e89f9c4cfbe8460afc0a2",
|
||||
"sha256:1436cf0063bba7888e43f1ba8d58824f085410ea2025befe81150aceb123e345",
|
||||
"sha256:1a7c59c6ffd6ef5db362b798f350e24ab2cfa5700d53ac6681918f314a4d3b94",
|
||||
"sha256:1e1cf47774373777936c5aabad489fef7b1c087dcd1f426b621fda9dcc12994e",
|
||||
"sha256:206a51077773c6c5d2ce1991327cda719063a47adc02bd703c56a662cdb6c58b",
|
||||
"sha256:21fb3d24ab430fc538a96e9fbb9b150029914805d551deeac7d7822f64631dfc",
|
||||
"sha256:27e590352c76156f50f538dbcebd1925317a0f70540f7dc8c97d2931c595783a",
|
||||
"sha256:287605bede6bd36e930577c5925fcea17cb30453d96a7b4c63c14a257118dbb9",
|
||||
"sha256:2aaf6a0a6465d39b5ca69688fce82d20088c1838534982996ec46633dc7ad6cc",
|
||||
"sha256:32a73c53783becdb7eaf75a2a1525ea8e49379fb7248c3eeefb9412123536387",
|
||||
"sha256:41fb58868b816c202e8881fd0f179a4644ce6e7cbbb248ef0283a34b73ec73bb",
|
||||
"sha256:4780677767dd52b99f0af1f123bc2c22873d30b474aa0e2fc3fe5e02217687c7",
|
||||
"sha256:4878e667ebabe9b65e785ac8da4d48886fe81193a84bbe49f12acff8f7a383a4",
|
||||
"sha256:487c8e61d7acc50b8be82bda8c8d21d20e133c3cbf41bd8ad7eb1aaeb3f07c97",
|
||||
"sha256:4beea0f31491bc086991b97517b9683e5cfb369205dac0148ef685ac12a20a67",
|
||||
"sha256:4cfbe42c686f33944e12f45a27d25a492cc0e43e1dc1da5d6a87cbcaf2e95627",
|
||||
"sha256:4d5bae0a37af799207140652a700f21a85946f107a199bcb06720b13a4f1f0b7",
|
||||
"sha256:4e285b5f2bf321fc0857b491b5028c5f276ec0c873b985d58d7748ece1d770dd",
|
||||
"sha256:57e4d637258703d14171b54203fd6822fda218c6c2658a7d30816b10995f29f3",
|
||||
"sha256:5974895115737a74a00b321e339b9c3f45c20275d226398ae79ac008d908bff7",
|
||||
"sha256:5ef87fca280fb15342726bd5f980f6faf8b84a5287fcc2d4962ea8af88b35130",
|
||||
"sha256:603a464c2e67d8a546ddaa206d98e3246e5db05594b97db844c2f0a1af37cf5b",
|
||||
"sha256:6653071f4f9bac46fbc30f3c7838b0e9063ee335908c5d61fb7a4a86c8fd2036",
|
||||
"sha256:6ca2264f341dd81e41f3fffecec6e446aa2121e0b8d026fb5130e02de1402785",
|
||||
"sha256:6d279033bf614953c3fc4a0aa9ac33a21e8044ca72d4fa8b9273fe75359d5cca",
|
||||
"sha256:6d949f53ad4fc7cf02c44d6678e7ff05ec5f5552b235b9e136bd52e9bf730b91",
|
||||
"sha256:6daa662aba22ef3258934105be2dd9afa5bb45748f4f702a3b39a5bf53a1f4dc",
|
||||
"sha256:6eafc048ea3f1b3c136c71a86db393be36b5b3d9c87b1c25204e7d397cee9536",
|
||||
"sha256:830c88747dce8a3e7525defa68afd742b4580df6aa2fdd6f0855481e3994d391",
|
||||
"sha256:86e92728ef3fc842c50a5cb1d5ba2bc66db7da08a7af53fb3da79e202d1b2cd3",
|
||||
"sha256:8caf4d16b31961e964c62194ea3e26a0e9561cdf72eecb1781458b67ec83423d",
|
||||
"sha256:8d1a92d8e90b286d491e5626af53afef2ba04da33e82e30744795c71880eaa21",
|
||||
"sha256:8f0a4d179c9a941eb80c3a63cdb495e539e064f8054230844dcf2fcb812b71d3",
|
||||
"sha256:9232b09f5efee6a495a99ae6824881940d6447debe272ea400c02e3b68aad85d",
|
||||
"sha256:927a9dd016d6033bc12e0bf5dee1dde140235fc8d0d51099353c76081c03dc29",
|
||||
"sha256:93e414e3206779ef41e5ff2448067213febf260ba747fc65389a3ddaa3fb8715",
|
||||
"sha256:98cafc618614d72b02185ac583c6f7796202062c41d2eeecdf07820bad3295ed",
|
||||
"sha256:9c3a88d20e4fe4a2a4a84bf439a5ac9c9aba400b85244c63a1ab7088f85d9d25",
|
||||
"sha256:9f36de4cd0c262dd9927886cc2305aa3f2210db437aa4fed3fb4940b8bf4592c",
|
||||
"sha256:a60f90bba4c37962cbf210f0188ecca87daafdf60271f4c6948606e4dabf8785",
|
||||
"sha256:a614e4afed58c14254e67862456d212c4dcceebab2eaa44d627c2ca04bf86837",
|
||||
"sha256:ae06c1e4bc60ee076292e582a7512f304abdf6c70db59b56745cca1684f875a4",
|
||||
"sha256:b122a188cd292c4d2fcd78d04f863b789ef43aa129b233d7c9004de08693728b",
|
||||
"sha256:b570da8cd0012f4af9fa76a5635cd31f707473e65a5a335b186069d5c7121ff2",
|
||||
"sha256:bcaa1c495ce623966d9fc8a187da80082334236a2a1c7e141763ffaf7a405067",
|
||||
"sha256:bd34f6d1810d9354dc7e35158aa6cc33456be7706df4420819af6ed966e85448",
|
||||
"sha256:be9eb06489bc975c38706902cbc6888f39e946b81383abc2838d186f0e8b6a9d",
|
||||
"sha256:c4b2e0559b68455c085fb0f6178e9752c4be3bba104d6e881eb5573b399d1eb2",
|
||||
"sha256:c62e8dd9754b7debda0c5ba59d34509c4688f853588d75b53c3791983faa96fc",
|
||||
"sha256:c852b1530083a620cb0de5f3cd6826f19862bafeaf77586f1aef326e49d95f0c",
|
||||
"sha256:d9fc0bf3ff86c17348dfc5d322f627d78273eba545db865c3cd14b3f19e57fa5",
|
||||
"sha256:dad7b164905d3e534883281c050180afcf1e230c3d4a54e8038aa5cfcf312b84",
|
||||
"sha256:e5f66bdf0976ec667fc4594d2812a00b07ed14d1b44259d19a41ae3fff99f2b8",
|
||||
"sha256:e8f0c9d65da595cfe91713bc1222af9ecabd37971762cb830dea2fc3b3bb2acf",
|
||||
"sha256:edffbe3c510d8f4bf8640e02ca019e48a9b72357318383ca60e3330c23aaffc7",
|
||||
"sha256:eea5d6443b093e1545ad0210e6cf27f920482bfcf5c77cdc8596aec73523bb7e",
|
||||
"sha256:ef72013e20dd5ba86a8ae1aed7f56f31d3374189aa8b433e7b12ad182c0d2dfb",
|
||||
"sha256:f05251bbc2145349b8d0b77c0d4e5f3b228418807b1ee27cefb11f69ed3d233b",
|
||||
"sha256:f1be258c4d3dc609e654a1dc59d37b17d7fef05df912c01fc2e15eb43a9735f3",
|
||||
"sha256:f9ced82717c7ec65a67667bb05865ffe38af0e835cdd78728f1209c8fffe0cad",
|
||||
"sha256:fe17d10b97fdf58155f858606bddb4e037b805a60ae023c009f760d8361a4eb8",
|
||||
"sha256:fe749b052bb7233fe5d072fcb549221a8cb1a16725c47c37e42b0b9cb3ff2c3f"
|
||||
],
|
||||
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
|
||||
"version": "==4.8.0"
|
||||
"version": "==4.9.1"
|
||||
},
|
||||
"markdown": {
|
||||
"hashes": [
|
||||
@ -330,23 +353,31 @@
|
||||
},
|
||||
"mkdocs": {
|
||||
"hashes": [
|
||||
"sha256:26bd2b03d739ac57a3e6eed0b7bcc86168703b719c27b99ad6ca91dc439aacde",
|
||||
"sha256:b504405b04da38795fec9b2e5e28f6aa3a73bb0960cb6d5d27ead28952bd35ea"
|
||||
"sha256:a41a2ff25ce3bbacc953f9844ba07d106233cd76c88bac1f59cb1564ac0d87ed",
|
||||
"sha256:fda92466393127d2da830bc6edc3a625a14b436316d1caf347690648e774c4f0"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==1.3.0"
|
||||
"version": "==1.3.1"
|
||||
},
|
||||
"mkdocs-git-committers-plugin-2": {
|
||||
"hashes": [
|
||||
"sha256:5da4d790377133d610c0c81fb4989f266b2c9bfaed74866d58af0045926c7753",
|
||||
"sha256:69f38a84bfdc6ecd35778d888b51c40f249f52ed4d1cbc77d5464b6c1c1493f8"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==0.4.3"
|
||||
},
|
||||
"mkdocs-git-revision-date-localized-plugin": {
|
||||
"hashes": [
|
||||
"sha256:f3e020b445e7b4fb4e58ccd46b07adecbca0f85ac1659e1a63e38b8779c81ba7",
|
||||
"sha256:ffcf206b5108d9f729af6cd42377d2e0e25c080817fdad0119549ac924b526f3"
|
||||
"sha256:38517e2084229da1a1b9460e846c2748d238c2d79efd405d1b9174a87bd81d79",
|
||||
"sha256:4ba0e49abea3e9f6ee26e2623ff7283873da657471c61f1d0cfbb986f403316d"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==1.0.1"
|
||||
"version": "==1.1.0"
|
||||
},
|
||||
"mkdocs-material": {
|
||||
"path": "./mkdocs-material",
|
||||
"version": "==8.2.15+insiders.4.15.1"
|
||||
"version": "==8.3.9+insiders.4.21.0"
|
||||
},
|
||||
"mkdocs-material-extensions": {
|
||||
"hashes": [
|
||||
@ -374,10 +405,10 @@
|
||||
},
|
||||
"mkdocs-static-i18n": {
|
||||
"hashes": [
|
||||
"sha256:5d69b4eb284931bd048a36f923367f2a7bd0dc7b0438008dce8ca1a8feee99e2"
|
||||
"sha256:9a13987c1a1afdb2b9f532f7c1597c2b6e747b4015f4adc1ebd65843b8bf1378"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==0.45"
|
||||
"version": "==0.46"
|
||||
},
|
||||
"packaging": {
|
||||
"hashes": [
|
||||
@ -389,47 +420,67 @@
|
||||
},
|
||||
"pillow": {
|
||||
"hashes": [
|
||||
"sha256:088df396b047477dd1bbc7de6e22f58400dae2f21310d9e2ec2933b2ef7dfa4f",
|
||||
"sha256:09e67ef6e430f90caa093528bd758b0616f8165e57ed8d8ce014ae32df6a831d",
|
||||
"sha256:0b4d5ad2cd3a1f0d1df882d926b37dbb2ab6c823ae21d041b46910c8f8cd844b",
|
||||
"sha256:0b525a356680022b0af53385944026d3486fc8c013638cf9900eb87c866afb4c",
|
||||
"sha256:1d4331aeb12f6b3791911a6da82de72257a99ad99726ed6b63f481c0184b6fb9",
|
||||
"sha256:20d514c989fa28e73a5adbddd7a171afa5824710d0ab06d4e1234195d2a2e546",
|
||||
"sha256:2b291cab8a888658d72b575a03e340509b6b050b62db1f5539dd5cd18fd50578",
|
||||
"sha256:3f6c1716c473ebd1649663bf3b42702d0d53e27af8b64642be0dd3598c761fb1",
|
||||
"sha256:42dfefbef90eb67c10c45a73a9bc1599d4dac920f7dfcbf4ec6b80cb620757fe",
|
||||
"sha256:488f3383cf5159907d48d32957ac6f9ea85ccdcc296c14eca1a4e396ecc32098",
|
||||
"sha256:4d45dbe4b21a9679c3e8b3f7f4f42a45a7d3ddff8a4a16109dff0e1da30a35b2",
|
||||
"sha256:53c27bd452e0f1bc4bfed07ceb235663a1df7c74df08e37fd6b03eb89454946a",
|
||||
"sha256:55e74faf8359ddda43fee01bffbc5bd99d96ea508d8a08c527099e84eb708f45",
|
||||
"sha256:59789a7d06c742e9d13b883d5e3569188c16acb02eeed2510fd3bfdbc1bd1530",
|
||||
"sha256:5b650dbbc0969a4e226d98a0b440c2f07a850896aed9266b6fedc0f7e7834108",
|
||||
"sha256:66daa16952d5bf0c9d5389c5e9df562922a59bd16d77e2a276e575d32e38afd1",
|
||||
"sha256:6e760cf01259a1c0a50f3c845f9cad1af30577fd8b670339b1659c6d0e7a41dd",
|
||||
"sha256:7502539939b53d7565f3d11d87c78e7ec900d3c72945d4ee0e2f250d598309a0",
|
||||
"sha256:769a7f131a2f43752455cc72f9f7a093c3ff3856bf976c5fb53a59d0ccc704f6",
|
||||
"sha256:7c150dbbb4a94ea4825d1e5f2c5501af7141ea95825fadd7829f9b11c97aaf6c",
|
||||
"sha256:8844217cdf66eabe39567118f229e275f0727e9195635a15e0e4b9227458daaf",
|
||||
"sha256:8a66fe50386162df2da701b3722781cbe90ce043e7d53c1fd6bd801bca6b48d4",
|
||||
"sha256:9370d6744d379f2de5d7fa95cdbd3a4d92f0b0ef29609b4b1687f16bc197063d",
|
||||
"sha256:937a54e5694684f74dcbf6e24cc453bfc5b33940216ddd8f4cd8f0f79167f765",
|
||||
"sha256:9c857532c719fb30fafabd2371ce9b7031812ff3889d75273827633bca0c4602",
|
||||
"sha256:a4165205a13b16a29e1ac57efeee6be2dfd5b5408122d59ef2145bc3239fa340",
|
||||
"sha256:b3fe2ff1e1715d4475d7e2c3e8dabd7c025f4410f79513b4ff2de3d51ce0fa9c",
|
||||
"sha256:b6617221ff08fbd3b7a811950b5c3f9367f6e941b86259843eab77c8e3d2b56b",
|
||||
"sha256:b761727ed7d593e49671d1827044b942dd2f4caae6e51bab144d4accf8244a84",
|
||||
"sha256:baf3be0b9446a4083cc0c5bb9f9c964034be5374b5bc09757be89f5d2fa247b8",
|
||||
"sha256:c17770a62a71718a74b7548098a74cd6880be16bcfff5f937f900ead90ca8e92",
|
||||
"sha256:c67db410508b9de9c4694c57ed754b65a460e4812126e87f5052ecf23a011a54",
|
||||
"sha256:d78ca526a559fb84faaaf84da2dd4addef5edb109db8b81677c0bb1aad342601",
|
||||
"sha256:e9ed59d1b6ee837f4515b9584f3d26cf0388b742a11ecdae0d9237a94505d03a",
|
||||
"sha256:f054b020c4d7e9786ae0404278ea318768eb123403b18453e28e47cdb7a0a4bf",
|
||||
"sha256:f372d0f08eff1475ef426344efe42493f71f377ec52237bf153c5713de987251",
|
||||
"sha256:f3f6a6034140e9e17e9abc175fc7a266a6e63652028e157750bd98e804a8ed9a",
|
||||
"sha256:ffde4c6fabb52891d81606411cbfaf77756e3b561b566efd270b3ed3791fde4e"
|
||||
"sha256:0030fdbd926fb85844b8b92e2f9449ba89607231d3dd597a21ae72dc7fe26927",
|
||||
"sha256:030e3460861488e249731c3e7ab59b07c7853838ff3b8e16aac9561bb345da14",
|
||||
"sha256:0ed2c4ef2451de908c90436d6e8092e13a43992f1860275b4d8082667fbb2ffc",
|
||||
"sha256:136659638f61a251e8ed3b331fc6ccd124590eeff539de57c5f80ef3a9594e58",
|
||||
"sha256:13b725463f32df1bfeacbf3dd197fb358ae8ebcd8c5548faa75126ea425ccb60",
|
||||
"sha256:1536ad017a9f789430fb6b8be8bf99d2f214c76502becc196c6f2d9a75b01b76",
|
||||
"sha256:15928f824870535c85dbf949c09d6ae7d3d6ac2d6efec80f3227f73eefba741c",
|
||||
"sha256:17d4cafe22f050b46d983b71c707162d63d796a1235cdf8b9d7a112e97b15bac",
|
||||
"sha256:1802f34298f5ba11d55e5bb09c31997dc0c6aed919658dfdf0198a2fe75d5490",
|
||||
"sha256:1cc1d2451e8a3b4bfdb9caf745b58e6c7a77d2e469159b0d527a4554d73694d1",
|
||||
"sha256:1fd6f5e3c0e4697fa7eb45b6e93996299f3feee73a3175fa451f49a74d092b9f",
|
||||
"sha256:254164c57bab4b459f14c64e93df11eff5ded575192c294a0c49270f22c5d93d",
|
||||
"sha256:2ad0d4df0f5ef2247e27fc790d5c9b5a0af8ade9ba340db4a73bb1a4a3e5fb4f",
|
||||
"sha256:2c58b24e3a63efd22554c676d81b0e57f80e0a7d3a5874a7e14ce90ec40d3069",
|
||||
"sha256:2d33a11f601213dcd5718109c09a52c2a1c893e7461f0be2d6febc2879ec2402",
|
||||
"sha256:337a74fd2f291c607d220c793a8135273c4c2ab001b03e601c36766005f36885",
|
||||
"sha256:37ff6b522a26d0538b753f0b4e8e164fdada12db6c6f00f62145d732d8a3152e",
|
||||
"sha256:3d1f14f5f691f55e1b47f824ca4fdcb4b19b4323fe43cc7bb105988cad7496be",
|
||||
"sha256:408673ed75594933714482501fe97e055a42996087eeca7e5d06e33218d05aa8",
|
||||
"sha256:4134d3f1ba5f15027ff5c04296f13328fecd46921424084516bdb1b2548e66ff",
|
||||
"sha256:4ad2f835e0ad81d1689f1b7e3fbac7b01bb8777d5a985c8962bedee0cc6d43da",
|
||||
"sha256:50dff9cc21826d2977ef2d2a205504034e3a4563ca6f5db739b0d1026658e004",
|
||||
"sha256:510cef4a3f401c246cfd8227b300828715dd055463cdca6176c2e4036df8bd4f",
|
||||
"sha256:5aed7dde98403cd91d86a1115c78d8145c83078e864c1de1064f52e6feb61b20",
|
||||
"sha256:69bd1a15d7ba3694631e00df8de65a8cb031911ca11f44929c97fe05eb9b6c1d",
|
||||
"sha256:6bf088c1ce160f50ea40764f825ec9b72ed9da25346216b91361eef8ad1b8f8c",
|
||||
"sha256:6e8c66f70fb539301e064f6478d7453e820d8a2c631da948a23384865cd95544",
|
||||
"sha256:727dd1389bc5cb9827cbd1f9d40d2c2a1a0c9b32dd2261db522d22a604a6eec9",
|
||||
"sha256:74a04183e6e64930b667d321524e3c5361094bb4af9083db5c301db64cd341f3",
|
||||
"sha256:75e636fd3e0fb872693f23ccb8a5ff2cd578801251f3a4f6854c6a5d437d3c04",
|
||||
"sha256:7761afe0126d046974a01e030ae7529ed0ca6a196de3ec6937c11df0df1bc91c",
|
||||
"sha256:7888310f6214f19ab2b6df90f3f06afa3df7ef7355fc025e78a3044737fab1f5",
|
||||
"sha256:7b0554af24df2bf96618dac71ddada02420f946be943b181108cac55a7a2dcd4",
|
||||
"sha256:7c7b502bc34f6e32ba022b4a209638f9e097d7a9098104ae420eb8186217ebbb",
|
||||
"sha256:808add66ea764ed97d44dda1ac4f2cfec4c1867d9efb16a33d158be79f32b8a4",
|
||||
"sha256:831e648102c82f152e14c1a0938689dbb22480c548c8d4b8b248b3e50967b88c",
|
||||
"sha256:93689632949aff41199090eff5474f3990b6823404e45d66a5d44304e9cdc467",
|
||||
"sha256:96b5e6874431df16aee0c1ba237574cb6dff1dcb173798faa6a9d8b399a05d0e",
|
||||
"sha256:9a54614049a18a2d6fe156e68e188da02a046a4a93cf24f373bffd977e943421",
|
||||
"sha256:a138441e95562b3c078746a22f8fca8ff1c22c014f856278bdbdd89ca36cff1b",
|
||||
"sha256:a647c0d4478b995c5e54615a2e5360ccedd2f85e70ab57fbe817ca613d5e63b8",
|
||||
"sha256:a9c9bc489f8ab30906d7a85afac4b4944a572a7432e00698a7239f44a44e6efb",
|
||||
"sha256:ad2277b185ebce47a63f4dc6302e30f05762b688f8dc3de55dbae4651872cdf3",
|
||||
"sha256:b6d5e92df2b77665e07ddb2e4dbd6d644b78e4c0d2e9272a852627cdba0d75cf",
|
||||
"sha256:bc431b065722a5ad1dfb4df354fb9333b7a582a5ee39a90e6ffff688d72f27a1",
|
||||
"sha256:bdd0de2d64688ecae88dd8935012c4a72681e5df632af903a1dca8c5e7aa871a",
|
||||
"sha256:c79698d4cd9318d9481d89a77e2d3fcaeff5486be641e60a4b49f3d2ecca4e28",
|
||||
"sha256:cb6259196a589123d755380b65127ddc60f4c64b21fc3bb46ce3a6ea663659b0",
|
||||
"sha256:d5b87da55a08acb586bad5c3aa3b86505f559b84f39035b233d5bf844b0834b1",
|
||||
"sha256:dcd7b9c7139dc8258d164b55696ecd16c04607f1cc33ba7af86613881ffe4ac8",
|
||||
"sha256:dfe4c1fedfde4e2fbc009d5ad420647f7730d719786388b7de0999bf32c0d9fd",
|
||||
"sha256:ea98f633d45f7e815db648fd7ff0f19e328302ac36427343e4432c84432e7ff4",
|
||||
"sha256:ec52c351b35ca269cb1f8069d610fc45c5bd38c3e91f9ab4cbbf0aebc136d9c8",
|
||||
"sha256:eef7592281f7c174d3d6cbfbb7ee5984a671fcd77e3fc78e973d492e9bf0eb3f",
|
||||
"sha256:f07f1f00e22b231dd3d9b9208692042e29792d6bd4f6639415d2f23158a80013",
|
||||
"sha256:f3fac744f9b540148fa7715a435d2283b71f68bfb6d4aae24482a890aed18b59",
|
||||
"sha256:fa768eff5f9f958270b081bb33581b4b569faabf8774726b283edb06617101dc",
|
||||
"sha256:fac2d65901fb0fdf20363fbd345c01958a742f2dc62a8dd4495af66e3ff502a4"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==9.1.1"
|
||||
"version": "==9.2.0"
|
||||
},
|
||||
"pycparser": {
|
||||
"hashes": [
|
||||
@ -448,11 +499,11 @@
|
||||
},
|
||||
"pymdown-extensions": {
|
||||
"hashes": [
|
||||
"sha256:1baa22a60550f731630474cad28feb0405c8101f1a7ddc3ec0ed86ee510bcc43",
|
||||
"sha256:5b7432456bf555ce2b0ab3c2439401084cda8110f24f6b3ecef952b8313dfa1b"
|
||||
"sha256:3ef2d998c0d5fa7eb09291926d90d69391283561cf6306f85cd588a5eb5befa0",
|
||||
"sha256:ec141c0f4983755349f0c8710416348d1a13753976c028186ed14f190c8061c4"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==9.4"
|
||||
"version": "==9.5"
|
||||
},
|
||||
"pyparsing": {
|
||||
"hashes": [
|
||||
@ -526,91 +577,91 @@
|
||||
},
|
||||
"regex": {
|
||||
"hashes": [
|
||||
"sha256:02543d6d5c32d361b7cc468079ba4cddaaf4a6544f655901ba1ff9d8e3f18755",
|
||||
"sha256:036d1c1fbe69eba3ee253c107e71749cdbb4776db93d674bc0d5e28f30300734",
|
||||
"sha256:071bcb625e890f28b7c4573124a6512ea65107152b1d3ca101ce33a52dad4593",
|
||||
"sha256:0f8da3145f4b72f7ce6181c804eaa44cdcea313c8998cdade3d9e20a8717a9cb",
|
||||
"sha256:0fb6cb16518ac7eff29d1e0b0cce90275dfae0f17154165491058c31d58bdd1d",
|
||||
"sha256:0fd464e547dbabf4652ca5fe9d88d75ec30182981e737c07b3410235a44b9939",
|
||||
"sha256:12af15b6edb00e425f713160cfd361126e624ec0de86e74f7cad4b97b7f169b3",
|
||||
"sha256:165cc75cfa5aa0f12adb2ac6286330e7229a06dc0e6c004ec35da682b5b89579",
|
||||
"sha256:1a07e8366115069f26822c47732122ab61598830a69f5629a37ea8881487c107",
|
||||
"sha256:1c2de7f32fa87d04d40f54bce3843af430697aba51c3a114aa62837a0772f219",
|
||||
"sha256:253f858a0255cd91a0424a4b15c2eedb12f20274f85731b0d861c8137e843065",
|
||||
"sha256:275afc7352982ee947fc88f67a034b52c78395977b5fc7c9be15f7dc95b76f06",
|
||||
"sha256:2bde99f2cdfd6db1ec7e02d68cadd384ffe7413831373ea7cc68c5415a0cb577",
|
||||
"sha256:3241db067a7f69da57fba8bca543ac8a7ca415d91e77315690202749b9fdaba1",
|
||||
"sha256:37903d5ca11fa47577e8952d2e2c6de28553b11c70defee827afb941ab2c6729",
|
||||
"sha256:3dfbadb7b74d95f72f9f9dbf9778f7de92722ab520a109ceaf7927461fa85b10",
|
||||
"sha256:3e35c50b27f36176c792738cb9b858523053bc495044d2c2b44db24376b266f1",
|
||||
"sha256:3e9e983fc8e0d4d5ded7caa5aed39ca2cf6026d7e39801ef6f0af0b1b6cd9276",
|
||||
"sha256:3f6bd8178cce5bb56336722d5569d19c50bba5915a69a2050c497fb921e7cb0f",
|
||||
"sha256:43ee0df35925ae4b0cc6ee3f60b73369e559dd2ac40945044da9394dd9d3a51d",
|
||||
"sha256:45b761406777a681db0c24686178532134c937d24448d9e085279b69e9eb7da4",
|
||||
"sha256:46cbc5b23f85e94161b093dba1b49035697cf44c7db3c930adabfc0e6d861b95",
|
||||
"sha256:4f2e2cef324ca9355049ee1e712f68e2e92716eba24275e6767b9bfa15f1f478",
|
||||
"sha256:50b77622016f03989cd06ecf6b602c7a6b4ed2e3ce04133876b041d109c934ee",
|
||||
"sha256:582ea06079a03750b5f71e20a87cd99e646d796638b5894ff85987ebf5e04924",
|
||||
"sha256:58521abdab76583bd41ef47e5e2ddd93b32501aee4ee8cee71dee10a45ba46b1",
|
||||
"sha256:5b9c7b6895a01204296e9523b3e12b43e013835a9de035a783907c2c1bc447f0",
|
||||
"sha256:6165e737acb3bea3271372e8aa5ebe7226c8a8e8da1b94af2d6547c5a09d689d",
|
||||
"sha256:66fb765b2173d90389384708e3e1d3e4be1148bd8d4d50476b1469da5a2f0229",
|
||||
"sha256:68aed3fb0c61296bd6d234f558f78c51671f79ccb069cbcd428c2eea6fee7a5b",
|
||||
"sha256:6a0ef57cccd8089b4249eebad95065390e56c04d4a92c51316eab4131bca96a9",
|
||||
"sha256:709396c0c95b95045fac89b94f997410ff39b81a09863fe21002f390d48cc7d3",
|
||||
"sha256:73ed1b06abadbf6b61f6033a07c06f36ec0ddca117e41ef2ac37056705e46458",
|
||||
"sha256:7a608022f4593fc67518c6c599ae5abdb03bb8acd75993c82cd7a4c8100eff81",
|
||||
"sha256:7c4d9770e579eb11b582b2e2fd19fa204a15cb1589ae73cd4dcbb63b64f3e828",
|
||||
"sha256:7dbc96419ef0fb6ac56626014e6d3a345aeb8b17a3df8830235a88626ffc8d84",
|
||||
"sha256:7f271d0831d8ebc56e17b37f9fa1824b0379221d1238ae77c18a6e8c47f1fdce",
|
||||
"sha256:82b7fc67e49fdce671bdbec1127189fc979badf062ce6e79dc95ef5e07a8bf92",
|
||||
"sha256:85b7ee4d0c7a46296d884f6b489af8b960c4291d76aea4b22fd4fbe05e6ec08e",
|
||||
"sha256:8b747cef8e5dcdaf394192d43a0c02f5825aeb0ecd3d43e63ae500332ab830b0",
|
||||
"sha256:8bf867ba71856414a482e4b683500f946c300c4896e472e51d3db8dfa8dc8f32",
|
||||
"sha256:8e0da7ef160d4f3eb3d4d3e39a02c3c42f7dbcfce62c81f784cc99fc7059765f",
|
||||
"sha256:8e7d33f93cdd01868327d834d0f5bb029241cd293b47d51b96814dec27fc9b4b",
|
||||
"sha256:92183e9180c392371079262879c6532ccf55f808e6900df5d9f03c9ca8807255",
|
||||
"sha256:92ad03f928675ca05b79d3b1d3dfc149e2226d57ed9d57808f82105d511d0212",
|
||||
"sha256:97af238389cb029d63d5f2d931a7e8f5954ad96e812de5faaed373b68e74df86",
|
||||
"sha256:9913bcf730eb6e9b441fb176832eea9acbebab6035542c7c89d90c803f5cd3be",
|
||||
"sha256:9dae5affbb66178dad6c6fd5b02221ca9917e016c75ee3945e9a9563eb1fbb6f",
|
||||
"sha256:a850f5f369f1e3b6239da7fb43d1d029c1e178263df671819889c47caf7e4ff3",
|
||||
"sha256:aa6daa189db9104787ff1fd7a7623ce017077aa59eaac609d0d25ba95ed251a0",
|
||||
"sha256:aabc28f7599f781ddaeac168d0b566d0db82182cc3dcf62129f0a4fc2927b811",
|
||||
"sha256:af1e687ffab18a75409e5e5d6215b6ccd41a5a1a0ea6ce9665e01253f737a0d3",
|
||||
"sha256:b1d53835922cd0f9b74b2742453a444865a70abae38d12eb41c59271da66f38d",
|
||||
"sha256:b2df3ede85d778c949d9bd2a50237072cee3df0a423c91f5514f78f8035bde87",
|
||||
"sha256:b415b82e5be7389ec5ee7ee35431e4a549ea327caacf73b697c6b3538cb5c87f",
|
||||
"sha256:b7ba3c304a4a5d8112dbd30df8b3e4ef59b4b07807957d3c410d9713abaee9a8",
|
||||
"sha256:bcc6f7a3a95119c3568c572ca167ada75f8319890706283b9ba59b3489c9bcb3",
|
||||
"sha256:be392d9cd5309509175a9d7660dc17bf57084501108dbff0c5a8bfc3646048c3",
|
||||
"sha256:bea61de0c688198e3d9479344228c7accaa22a78b58ec408e41750ebafee6c08",
|
||||
"sha256:bedb3d01ad35ea1745bdb1d57f3ee0f996f988c98f5bbae9d068c3bb3065d210",
|
||||
"sha256:c36906a7855ec33a9083608e6cd595e4729dab18aeb9aad0dd0b039240266239",
|
||||
"sha256:c4fdf837666f7793a5c3cfa2f2f39f03eb6c7e92e831bc64486c2f547580c2b3",
|
||||
"sha256:cfad3a770839aa456ff9a9aa0e253d98b628d005a3ccb37da1ff9be7c84fee16",
|
||||
"sha256:d128e278e5e554c5c022c7bed410ca851e00bacebbb4460de546a73bc53f8de4",
|
||||
"sha256:dffd9114ade73137ab2b79a8faf864683dbd2dbbb6b23a305fbbd4cbaeeb2187",
|
||||
"sha256:e2acf5c66fbb62b5fe4c40978ddebafa50818f00bf79d60569d9762f6356336e",
|
||||
"sha256:e65580ae3137bce712f505ec7c2d700aef0014a3878c4767b74aff5895fc454f",
|
||||
"sha256:e944268445b5694f5d41292c9228f0ca46d5a32a67f195d5f8547c1f1d91f4bc",
|
||||
"sha256:ed26c3d2d62c6588e0dad175b8d8cc0942a638f32d07b80f92043e5d73b7db67",
|
||||
"sha256:ed625205f5f26984382b68e4cbcbc08e6603c9e84c14b38457170b0cc71c823b",
|
||||
"sha256:f2a5d9f612091812dee18375a45d046526452142e7b78c4e21ab192db15453d5",
|
||||
"sha256:f86aef546add4ff1202e1f31e9bb54f9268f17d996b2428877283146bf9bc013",
|
||||
"sha256:f89d26e50a4c7453cb8c415acd09e72fbade2610606a9c500a1e48c43210a42d",
|
||||
"sha256:fb7107faf0168de087f62a2f2ed00f9e9da12e0b801582b516ddac236b871cda"
|
||||
"sha256:03cdd06061426378a83e8a5bdec9cc71b964c35e329f68fb7058d08791780c83",
|
||||
"sha256:03d7ff80e3a276ef460baaa745d425162c19d8ea093d60ecf47f52ffee37aea5",
|
||||
"sha256:0798f6b97c3f8139c95af7b128a60909f5305b2e431a012083063298b2481e5d",
|
||||
"sha256:1228f5a6be5b45ce7b66a69a77682632f0ce64cea1d7da505f33972e01f1f3fe",
|
||||
"sha256:14882770017436aabe4cfa2651a9777f9faa2625bc0f6cdaec362697a8a964c3",
|
||||
"sha256:15bc8cddffe3a9181572c6bcdf45b145691fff1b5712767e7d7a6ef5d32f424f",
|
||||
"sha256:1903a2a6c4463488452e953a49f7e6663cfea9ff5e75b09333cbcc840e727a5b",
|
||||
"sha256:1991348464df42a6bc04601e1241dfa4a9ec4d599338dc64760f2c299e1cb996",
|
||||
"sha256:1dee18c683a0603445ff9e77ffc39f1a3997f43ee07ae04ac80228fc5565fc4d",
|
||||
"sha256:26d6e9a6431626c20821d0165a4c4508acb20a57e4c04ee77c96f01b7fe4c09c",
|
||||
"sha256:39ed69803697f1e1e9f1fb1e0b5a8116c55c130745ecd39485cc6255d3b9f046",
|
||||
"sha256:3ef5a4ced251a501962d1c8797d15978dd97661721e337cbe88d8bcdb9cd0d56",
|
||||
"sha256:3ef700d411b900fcff91f1ef16771bf085a9f9a376d16d8a643e8a20ff6dcb7b",
|
||||
"sha256:3f3de4baf25e960a3048a6ecd0246cedcdfeb462a741d55e9a42e91add5a4a99",
|
||||
"sha256:42702dba0281bcafbcf194770ecb987d60854946071c622777e6d207b3c169bc",
|
||||
"sha256:438b36fbf9446b94325eaeeb1336e2291cd81daeef91b9c728c0946ffbc42ba4",
|
||||
"sha256:4433690ff474fd95a3058085aed5fe12ac4e09d4f4b2b983de35e3a6c899afa0",
|
||||
"sha256:454c2c81d34eb4e1d015acbca0488789c17fc84188e336365eaa31a16c964c04",
|
||||
"sha256:48018c71ce7b2fe80c1eb16b9104d7d04d07567e9333159810a4ae5ef8cdf01f",
|
||||
"sha256:4d4640ab9fd3659378eab2ee6f47c3e04b4a269bf206475652c6d8520a9301cc",
|
||||
"sha256:50497f3d8a1e8d8055c6da1768c98f5b618039e572aacdcccd642704db6077eb",
|
||||
"sha256:50dd20fd10dafd9b697f1c0629285790d86e66946caa2c6a1135f67846d9b495",
|
||||
"sha256:513be18bcf5f27076990dd111f72270d33188653e772023985be92a2c5438382",
|
||||
"sha256:535a2392a0f11f7df80f43e63a5b69c51bb29a10a690e4ae5ad721b9fe50684d",
|
||||
"sha256:55911aba9bae9ad826971d2c80428425625a3dd0c00b94e9bb19361888b983a6",
|
||||
"sha256:609a97626bf310e8cd7c79173e6ed8acab7f01ed4519b7936e998b54b3eb8d31",
|
||||
"sha256:730cc311757153d59bf2bcf06d4026e3c998c1919c06557ad0e382235049b376",
|
||||
"sha256:7378a6fba8a043b3c5fb8cf915044c814ebb2463b0a7137ec09ae0b1b10f5484",
|
||||
"sha256:750b5de7982e568c1bb60388dea1c3abd674d1d579b87ef1b945ba4da53eb5e2",
|
||||
"sha256:76696de39cbbbf976aa85cbd7b1f3ea2d98b3bc9889f6739fdb6cda85a7f05aa",
|
||||
"sha256:89f4c531409ef01aa12b7c15bb489415e219c186725d44bc12a8f279afde3fe2",
|
||||
"sha256:8d928237cf78cfe3b46b608f87e255c45a1e11d04e7dd2c49cb60200cbd6f987",
|
||||
"sha256:8e324436b7f8bbb8e7b3c4593b01d1dce7215befc83a60569ff34a38d6c250ae",
|
||||
"sha256:9163ef45bfebc39838848330cb94f79b563f738c60fc0a20a7f0a30f13ec1573",
|
||||
"sha256:91d2a85a4a134011eb517f2a752f4e488b0a4f6b6ad00ef247f9fac57f9ff4f0",
|
||||
"sha256:933752abc9931cb53eccbd4ab3aedbcd0f1797c0a1b19ed385952e265636b2b6",
|
||||
"sha256:9b8d411a547b47852020242f9c384da35d4c65ccf159ae55a3ba0e50b6220932",
|
||||
"sha256:9eec276e6419de4f93824f9373b28a2a8eaed04f28514000cc6a41b64703d804",
|
||||
"sha256:a06d6ada6bef79aaa550ef37c7d529da60b81c02838d9dd9c5ab788becfc57d4",
|
||||
"sha256:a0c38edcc78556625cbadf48eb87decd5d3c5e82fc4810dd22c19a5498d2329d",
|
||||
"sha256:a23653a18c1d69760a2d8b6793478815cf5dc8c12f3b6e608e50aed49829f0ef",
|
||||
"sha256:a2afa24d06301f4ffcb00244d30df1c12e65cabf30dcb0ba8b871d6b0c54d19e",
|
||||
"sha256:a60840ebd37fe0152b5be50b56e8a958e1430837475311986f867dabad1c7474",
|
||||
"sha256:ab950bbafafe9bf2e0a75b9f17291500fa7794f398834f1f4a71c18dddece130",
|
||||
"sha256:ae6cd6ce16681d345592d74a0a92b25a9530d4055be460af425e654d891cdee4",
|
||||
"sha256:af3d5c74af5ae5d04d597ea61e5e9e0b84e84509e58d1e52aaefbae81cb697bb",
|
||||
"sha256:b131c7c94da56f8f1c59b4540c37c20973119608ec8cf42b3ebb40a94f3afc2c",
|
||||
"sha256:b24133df3d3c57a901f6a63ba3783d6eed1d0561ed1cafd027f0789e76a10615",
|
||||
"sha256:b5f1e598b9b823fb37f2f1baf930bb5f30ae4a3d9b67dfdc63f8f2374f336679",
|
||||
"sha256:bbc0c5b350036ce49a8fd6015a29e4621de725fa99d9e985d3d76b820d44e5a9",
|
||||
"sha256:bd0883e86964cd61360ffc36dbebbc49b928e92a306f886eab02c11dfde5b7aa",
|
||||
"sha256:c942696b541ce6be4e3cc2c963b48671277b38ebd4a28af803b511b2885759b7",
|
||||
"sha256:cc018ce0f1b62df155a5b9c9a81464040a87e97fd9bd05e0febe92568c63e678",
|
||||
"sha256:ccf10d7d0f25a3c5e123c97ffbab8d4b1429a3c25fbd50812010075bd5d844fd",
|
||||
"sha256:d3ce546e54cfafa9dee60b11b7f99b87058d81ab62bd05e366fc5bf6b2c1383a",
|
||||
"sha256:dc49d9c6289df4c7895c85094872ef98ce7f609ba0ecbeb77acdd7f8362cda7d",
|
||||
"sha256:dd0b115c4fab388b1131c89518cdd98db38d88c55cedfffc71de33c92eeee9c6",
|
||||
"sha256:e0c12e5c14eeb5e484c688f2db57ca4a8182d09b40ab69f73147dc32bcdf849d",
|
||||
"sha256:e19695f7b8de8a3b7d940288abedf48dfcfc0cd8d36f360e5b1bc5e1c3f02a72",
|
||||
"sha256:e1b83baa19355c8dd0ec23e725f18450be01bc464ba1f1865cfada03594fa629",
|
||||
"sha256:e2c8f542c5afd36e60237dbbabc95722135047d4c2844b9c4bff74c7177a50a1",
|
||||
"sha256:e4a72f70ad7aa3df8244da55cf21e28b6f0640a8d8e0065dfa7ec477dd2b4ea4",
|
||||
"sha256:ea9f01224c25101c5f2c6dceebd29d1431525637d596241935640e4de0fbb822",
|
||||
"sha256:ed42feff196aaf262db1878d5ac553a3bcef147caf1362e7095f1115b71ae0e1",
|
||||
"sha256:f049a9fdacdbc4e84afcec7a3b14a8309699a7347c95a525d49c4b9a9c353cee",
|
||||
"sha256:f7329e66c6bd9950eb428f225db3982e5f54e53d3d95951da424dce9aa621eae",
|
||||
"sha256:f755fba215ddafa26211e33ac91b48dcebf84ff28590790e5b7711b46fa4095d",
|
||||
"sha256:f86be4e30cf2ffcd67845251c8549d70740cd6eec77bd38d977c4c0640eefc24",
|
||||
"sha256:f898bf0a9613cc8b7f7af6fdcd80cc8e7659787908834c63391f22271fdb1c14",
|
||||
"sha256:fac0dd2f11a165a79e271a04226378a008c83368031c6a9294a6df9cd1c13c05",
|
||||
"sha256:fbbf9858a3043f632c9da2a82e4ce895016dfb401f59ab110900121121ee73b7",
|
||||
"sha256:fddd2ef742f05a18fde1d1c74df12fa6f426945cfb6fefba3fa1c5380e2dd2bf",
|
||||
"sha256:fddd7ddd520661085ffd91f1db74b18e4cf5ed9b6e939aa7d31ca1ea67bc7621",
|
||||
"sha256:ff0e0c3a48c635529a1723d2fea9326da1dacdba5db20be1a4eeaf56580e3949"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2022.4.24"
|
||||
"version": "==2022.7.25"
|
||||
},
|
||||
"requests": {
|
||||
"hashes": [
|
||||
"sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61",
|
||||
"sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d"
|
||||
"sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983",
|
||||
"sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349"
|
||||
],
|
||||
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
|
||||
"version": "==2.27.1"
|
||||
"markers": "python_version >= '3.7' and python_version < '4'",
|
||||
"version": "==2.28.1"
|
||||
},
|
||||
"six": {
|
||||
"hashes": [
|
||||
@ -638,50 +689,50 @@
|
||||
},
|
||||
"typing-extensions": {
|
||||
"hashes": [
|
||||
"sha256:6657594ee297170d19f67d55c05852a874e7eb634f4f753dbd667855e07c1708",
|
||||
"sha256:f1c24655a0da0d1b67f07e17a5e6b2a105894e6824b92096378bb3668ef02376"
|
||||
"sha256:25642c956049920a5aa49edcdd6ab1e06d7e5d467fc00e0506c44ac86fbfca02",
|
||||
"sha256:e6d2677a32f47fc7eb2795db1dd15c1f34eff616bcaf2cfb5e997f854fa1c4a6"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==4.2.0"
|
||||
"version": "==4.3.0"
|
||||
},
|
||||
"urllib3": {
|
||||
"hashes": [
|
||||
"sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14",
|
||||
"sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"
|
||||
"sha256:c33ccba33c819596124764c23a97d25f32b28433ba0dedeb77d873a38722c9bc",
|
||||
"sha256:ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a"
|
||||
],
|
||||
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'",
|
||||
"version": "==1.26.9"
|
||||
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' and python_version < '4'",
|
||||
"version": "==1.26.11"
|
||||
},
|
||||
"watchdog": {
|
||||
"hashes": [
|
||||
"sha256:036ed15f7cd656351bf4e17244447be0a09a61aaa92014332d50719fc5973bc0",
|
||||
"sha256:0c520009b8cce79099237d810aaa19bc920941c268578436b62013b2f0102320",
|
||||
"sha256:0fb60c7d31474b21acba54079ce9ff0136411183e9a591369417cddb1d7d00d7",
|
||||
"sha256:156ec3a94695ea68cfb83454b98754af6e276031ba1ae7ae724dc6bf8973b92a",
|
||||
"sha256:1ae17b6be788fb8e4d8753d8d599de948f0275a232416e16436363c682c6f850",
|
||||
"sha256:1e5d0fdfaa265c29dc12621913a76ae99656cf7587d03950dfeb3595e5a26102",
|
||||
"sha256:24dedcc3ce75e150f2a1d704661f6879764461a481ba15a57dc80543de46021c",
|
||||
"sha256:2962628a8777650703e8f6f2593065884c602df7bae95759b2df267bd89b2ef5",
|
||||
"sha256:47598fe6713fc1fee86b1ca85c9cbe77e9b72d002d6adeab9c3b608f8a5ead10",
|
||||
"sha256:4978db33fc0934c92013ee163a9db158ec216099b69fce5aec790aba704da412",
|
||||
"sha256:5e2e51c53666850c3ecffe9d265fc5d7351db644de17b15e9c685dd3cdcd6f97",
|
||||
"sha256:676263bee67b165f16b05abc52acc7a94feac5b5ab2449b491f1a97638a79277",
|
||||
"sha256:68dbe75e0fa1ba4d73ab3f8e67b21770fbed0651d32ce515cd38919a26873266",
|
||||
"sha256:6d03149126864abd32715d4e9267d2754cede25a69052901399356ad3bc5ecff",
|
||||
"sha256:6ddf67bc9f413791072e3afb466e46cc72c6799ba73dea18439b412e8f2e3257",
|
||||
"sha256:746e4c197ec1083581bb1f64d07d1136accf03437badb5ff8fcb862565c193b2",
|
||||
"sha256:7721ac736170b191c50806f43357407138c6748e4eb3e69b071397f7f7aaeedd",
|
||||
"sha256:88ef3e8640ef0a64b7ad7394b0f23384f58ac19dd759da7eaa9bc04b2898943f",
|
||||
"sha256:aa68d2d9a89d686fae99d28a6edf3b18595e78f5adf4f5c18fbfda549ac0f20c",
|
||||
"sha256:b962de4d7d92ff78fb2dbc6a0cb292a679dea879a0eb5568911484d56545b153",
|
||||
"sha256:ce7376aed3da5fd777483fe5ebc8475a440c6d18f23998024f832134b2938e7b",
|
||||
"sha256:ddde157dc1447d8130cb5b8df102fad845916fe4335e3d3c3f44c16565becbb7",
|
||||
"sha256:efcc8cbc1b43902571b3dce7ef53003f5b97fe4f275fe0489565fc6e2ebe3314",
|
||||
"sha256:f9ee4c6bf3a1b2ed6be90a2d78f3f4bbd8105b6390c04a86eb48ed67bbfa0b0b",
|
||||
"sha256:fed4de6e45a4f16e4046ea00917b4fe1700b97244e5d114f594b4a1b9de6bed8"
|
||||
"sha256:083171652584e1b8829581f965b9b7723ca5f9a2cd7e20271edf264cfd7c1412",
|
||||
"sha256:117ffc6ec261639a0209a3252546b12800670d4bf5f84fbd355957a0595fe654",
|
||||
"sha256:186f6c55abc5e03872ae14c2f294a153ec7292f807af99f57611acc8caa75306",
|
||||
"sha256:195fc70c6e41237362ba720e9aaf394f8178bfc7fa68207f112d108edef1af33",
|
||||
"sha256:226b3c6c468ce72051a4c15a4cc2ef317c32590d82ba0b330403cafd98a62cfd",
|
||||
"sha256:247dcf1df956daa24828bfea5a138d0e7a7c98b1a47cf1fa5b0c3c16241fcbb7",
|
||||
"sha256:255bb5758f7e89b1a13c05a5bceccec2219f8995a3a4c4d6968fe1de6a3b2892",
|
||||
"sha256:43ce20ebb36a51f21fa376f76d1d4692452b2527ccd601950d69ed36b9e21609",
|
||||
"sha256:4f4e1c4aa54fb86316a62a87b3378c025e228178d55481d30d857c6c438897d6",
|
||||
"sha256:5952135968519e2447a01875a6f5fc8c03190b24d14ee52b0f4b1682259520b1",
|
||||
"sha256:64a27aed691408a6abd83394b38503e8176f69031ca25d64131d8d640a307591",
|
||||
"sha256:6b17d302850c8d412784d9246cfe8d7e3af6bcd45f958abb2d08a6f8bedf695d",
|
||||
"sha256:70af927aa1613ded6a68089a9262a009fbdf819f46d09c1a908d4b36e1ba2b2d",
|
||||
"sha256:7a833211f49143c3d336729b0020ffd1274078e94b0ae42e22f596999f50279c",
|
||||
"sha256:8250546a98388cbc00c3ee3cc5cf96799b5a595270dfcfa855491a64b86ef8c3",
|
||||
"sha256:97f9752208f5154e9e7b76acc8c4f5a58801b338de2af14e7e181ee3b28a5d39",
|
||||
"sha256:9f05a5f7c12452f6a27203f76779ae3f46fa30f1dd833037ea8cbc2887c60213",
|
||||
"sha256:a735a990a1095f75ca4f36ea2ef2752c99e6ee997c46b0de507ba40a09bf7330",
|
||||
"sha256:ad576a565260d8f99d97f2e64b0f97a48228317095908568a9d5c786c829d428",
|
||||
"sha256:b530ae007a5f5d50b7fbba96634c7ee21abec70dc3e7f0233339c81943848dc1",
|
||||
"sha256:bfc4d351e6348d6ec51df007432e6fe80adb53fd41183716017026af03427846",
|
||||
"sha256:d3dda00aca282b26194bdd0adec21e4c21e916956d972369359ba63ade616153",
|
||||
"sha256:d9820fe47c20c13e3c9dd544d3706a2a26c02b2b43c993b62fcd8011bcc0adb3",
|
||||
"sha256:ed80a1628cee19f5cfc6bb74e173f1b4189eb532e705e2a13e3250312a62e0c9",
|
||||
"sha256:ee3e38a6cc050a8830089f79cbec8a3878ec2fe5160cdb2dc8ccb6def8552658"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2.1.8"
|
||||
"version": "==2.1.9"
|
||||
},
|
||||
"webencodings": {
|
||||
"hashes": [
|
||||
@ -692,11 +743,11 @@
|
||||
},
|
||||
"zipp": {
|
||||
"hashes": [
|
||||
"sha256:56bf8aadb83c24db6c4b577e13de374ccfb67da2078beba1d037c17980bf43ad",
|
||||
"sha256:c4f6e5bbf48e74f7a38e7cc5b0480ff42b0ae5178957d564d18932525d5cf099"
|
||||
"sha256:05b45f1ee8f807d0cc928485ca40a07cb491cf092ff587c0df9cb1fd154848d2",
|
||||
"sha256:47c40d7fe183a6f21403a199b3e4192cca5774656965b0a4988ad2f8feb5f009"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==3.8.0"
|
||||
"version": "==3.8.1"
|
||||
}
|
||||
},
|
||||
"develop": {
|
||||
|
||||
22
README.md
22
README.md
@ -58,6 +58,14 @@ Our current list of team members can be found [here](https://github.com/orgs/pri
|
||||
- Browse our [open issues](https://github.com/privacyguides/privacyguides.org/issues) to see what needs to be updated
|
||||
- View some contribution tips on our [contributor's wiki](https://github.com/privacyguides/privacyguides.org/wiki)
|
||||
|
||||
### Blog
|
||||
|
||||
We aspire to publish the best articles about privacy on the net. From hot-takes to long-form essays, we are looking for stylish and well-written pieces.
|
||||
|
||||
This not a place for sponsored content or SEO-obsessed posts. Please do **not** pitch us this, as we don't take kindly to it and your email will be blocked. *Caveat scriptor.*
|
||||
|
||||
Submit stories or requests to: `freddy@privacyguides.org`
|
||||
|
||||
## Mirrors
|
||||
|
||||
[](https://github.com/privacyguides/privacyguides.org)
|
||||
@ -74,7 +82,7 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
|
||||
- `git submodule init`
|
||||
- `git submodule update docs/assets/brand`
|
||||
2. Install [Python 3.6+](https://www.python.org/downloads/)
|
||||
3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n mkdocs-git-revision-date-localized-plugin mkdocs-minify-plugin mkdocs-rss-plugin typing-extensions`
|
||||
3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n typing-extensions`
|
||||
4. Serve the site locally: `mkdocs serve`
|
||||
- The site will be available at `http://localhost:8000`
|
||||
- You can build the site locally with `mkdocs build`
|
||||
@ -83,10 +91,10 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
|
||||
**Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
|
||||
|
||||
1. Clone this repository and submodules: `git clone --recurse-submodules https://github.com/privacyguides/privacyguides.org.git`
|
||||
2. Install [Python 3.6+](https://www.python.org/downloads/)
|
||||
2. Install Python **3.7**
|
||||
3. Install **pipenv**: `pip install pipenv`
|
||||
4. Install dependencies: `pipenv install --dev`
|
||||
5. Serve the site locally: `pipenv run mkdocs serve`
|
||||
5. Serve the site locally: `pipenv run mkdocs serve --config-file mkdocs.production.yml`
|
||||
- The site will be available at `http://localhost:8000`
|
||||
- You can build the site locally with `pipenv run mkdocs build`
|
||||
- This version of the site should be identical to the live, production version
|
||||
@ -95,12 +103,12 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
|
||||
|
||||
1. Create a new tag: `git tag -s v2.X.X -m 'Some message'`
|
||||
- [View existing tags](https://github.com/privacyguides/privacyguides.org/tags)
|
||||
- Tag [numbering](https://semver.org/): Increment the MINOR (2nd) number when making significant changes (adding/deleting pages, etc.), increment the PATCH (3rd) number when making minor changes (typos, bug fixes). Probably leave the MAJOR number at 2 until a massive redesign (v1 -> v2 was the Jekyll to MkDocs transition).
|
||||
- Tag [numbering](https://semver.org/): Increment the MINOR (2nd) number when making significant changes (adding/deleting pages, etc.), increment the PATCH (3rd) number when making minor changes (typos, bug fixes). Probably leave the MAJOR number at 2 until a massive revamp (v1 -> v2 was the Jekyll to MkDocs transition).
|
||||
2. Push the tag to GitHub: `git push --tags`
|
||||
3. [Create a new release](https://github.com/privacyguides/privacyguides.org/releases/new) selecting the new tag
|
||||
- Title the release the same as the tag version number without the `v`, i.e. `2.X.X`
|
||||
- For more significant releases, add a **short** title, for example [2.3.0 - Localization Support](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) or [2.2.0 - Removing Social Networks](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.2.0)
|
||||
- Title the release the same as the tag version number, i.e. `v2.X.X`
|
||||
- For more significant releases, add a **short** title, for example [v2.3.0 - Localization Support](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) or [v2.2.0 - Removing Social Networks](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.2.0)
|
||||
- GitHub should let you auto-generate release notes based on PR titles
|
||||
- Mark more significant changes in bold, see [2.3.0](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.3.0) for example
|
||||
- Mark more significant changes in bold, see [v2.12.0](https://github.com/privacyguides/privacyguides.org/releases/tag/v2.12.0) for example
|
||||
4. Publish release, it will be deployed to the live site automatically
|
||||
- When publishing more significant releases (generally any with a MINOR version increment) check the "Create a discussion for this release" box to post an announcement
|
||||
|
||||
@ -34,5 +34,3 @@ Physical destruction may be necessary to securely erase devices such as memory c
|
||||
Securely shredding **individual files** is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, [wear leveling](https://en.wikipedia.org/wiki/Wear_leveling) (on modern [flash storage](https://en.wikipedia.org/wiki/Solid-state_drive)), caching and filesystem [journaling](https://en.wikipedia.org/wiki/Journaling_file_system).
|
||||
|
||||
Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, so shredding may not provide adequate security.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -78,7 +78,7 @@ Shortcuts is quite intuitive to work with, so if you don't like the behavior dem
|
||||
|
||||
[Shortcuts](https://support.apple.com/guide/shortcuts/welcome/ios) can be made accessible through the system Share Sheet, making accessing those shortcuts very convenient. This guide will show you how to build a metadata removal shortcut and integrate it into the system *Share Sheet*.
|
||||
|
||||
!!! attention
|
||||
!!! warning
|
||||
This method of metadata removal is not as comprehensive at removing metadata as utilities like [ExifTool](../metadata-removal-tools.md#exiftool) and [mat2](../metadata-removal-tools.md#mat2) are.
|
||||
|
||||
The lack of *good* metadata removal apps on the App Store is what makes this solution worthwhile.
|
||||
@ -160,5 +160,3 @@ Windows allows you to place files in a **SendTo** folder which then appear in th
|
||||
### Using the shortcut
|
||||
|
||||
1. Right click a supported file and choose **ExifTool.bat** within the *Send to* context menu.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
258
docs/advanced/signal-configuration-hardening.en.md
Normal file
258
docs/advanced/signal-configuration-hardening.en.md
Normal file
@ -0,0 +1,258 @@
|
||||
---
|
||||
title: "Signal Configuration and Hardening"
|
||||
icon: 'material/chat-processing'
|
||||
---
|
||||
|
||||
[Signal](../real-time-communication.md#signal) is a widely regarded instant messaging service that is not only easy to use but is also private and secure. Signal's strong E2EE implementation and metadata protections provide a level of assurance that only you and your intended recipients are able to read communications.
|
||||
|
||||
This guide details actions you can take to configure and harden Signal in accordance with your [threat model](../basics/threat-modeling.md).
|
||||
|
||||
## Signal Configuration
|
||||
|
||||
### Signal PIN
|
||||
|
||||
When you register for Signal with your phone number, you will be asked to set up a Signal PIN. This PIN can be used to recover your profile, settings, contacts and who you've blocked in case you ever lose or switch devices.
|
||||
|
||||
Additionally, your Signal PIN can also double as a registration lock that prevents others from registering with your number.
|
||||
|
||||
!!! attention "Registration Lock"
|
||||
|
||||
The server will not enforce the registration lock after 7 days of inactivity. After that, someone will be able to reset the PIN at registration and register with your phone number. This will wipe the data stored in your Signal account, as it is encrypted by the PIN, but it won't prevent someone from registering with your number provided that they can receive a text on it.
|
||||
|
||||
If you haven't set up a Signal PIN, or have previously opted out of setting one up, follow these steps on Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Account** > **Signal PIN**
|
||||
- Select **Create new PIN**
|
||||
|
||||
Signal will prompt you to enter a PIN. We suggest using a strong alphanumeric PIN that can be stored in a [password manager](../passwords.md).
|
||||
|
||||
Once you have done that, or if you already have set up a PIN, make sure that **Registration Lock** is also enabled.
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Account** > **Signal PIN**
|
||||
- [x] Turn on **Registration Lock**
|
||||
|
||||
!!! Important
|
||||
|
||||
If you forget the PIN and have enabled a registration lock, you may be locked out of your account for up to 7 days.
|
||||
|
||||
You can learn more about Signal PIN on [Signal's website](https://support.signal.org/hc/en-us/articles/360007059792-Signal-PIN).
|
||||
|
||||
### Safety Numbers
|
||||
|
||||
Safety numbers are a feature in Signal that allows you to ensure that messages are delivered securely between verified devices.
|
||||
|
||||
It is best practice to always compare safety numbers with your contacts. This can be done in a couple of ways:
|
||||
|
||||
- Scanning your contact's QR code while viewing their safety number.
|
||||
- Comparing the safety numbers on both ends, be it visually or audibly.
|
||||
|
||||
!!! Important
|
||||
|
||||
In order for safety numbers to also verify that the intended recipient has access to the device you're verifying, you need a secondary communication channel where you can authenticate the person that is holding the device. For example, an in-person meeting or during a video call.
|
||||
|
||||
To view the safety number for a particular contact, you need to follow these steps within Signal:
|
||||
|
||||
- Go to a chat with a contact.
|
||||
- Select the chat header or :material-dots-vertical: > **View Safety Number**
|
||||
|
||||
Once you've compared the safety numbers on both devices, you can mark that contact as **Verified**.
|
||||
|
||||
A checkmark will appear in the chat header by your contact's name when the safety number is marked as verified. It will remain verified unless the safety number changes or you manually change the verification status.
|
||||
|
||||
After doing that, any time the safety number changes, you'll be notified.
|
||||
|
||||
If the safety number with one of your contacts changes, we recommend asking the contact what happened (if they switched to a new device or re-installed Signal, for example) and verify the safety numbers again.
|
||||
|
||||
For more demanding threat models, you should agree on a protocol with your contacts in advance on what to do in case the safety number ever changes.
|
||||
|
||||
You can learn more about safety numbers on [Signal's website](https://support.signal.org/hc/en-us/articles/360007060632-What-is-a-safety-number-and-why-do-I-see-that-it-changed-).
|
||||
|
||||
### Disappearing Messages
|
||||
|
||||
While communication in Signal is E2EE, the messages are still available on the devices, unless they are manually deleted.
|
||||
|
||||
It is good practice to set up disappearing messages in Signal's settings so that any chats you start will disappear after a specified amount of time has passed.
|
||||
|
||||
On Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- Under **Disappearing messages**, select **Default timer for new chats**
|
||||
- Select the desired amount of time and select **Save**
|
||||
|
||||
!!! tip "Override the global default for specific contacts"
|
||||
|
||||
- Go to a chat with a contact
|
||||
- Select :material-dots-vertical: on the top right
|
||||
- Select **Disappearing messages**
|
||||
- Select the desired amount of time and select **Save**
|
||||
|
||||
We recommend setting up a reasonable timer by default, such as one week, and adjusting it per contact as you see fit.
|
||||
|
||||
!!! tip "Snapchat-like Functionality"
|
||||
|
||||
Signal allows you to send "view-once" media that are automatically removed from the conversation after they have been viewed.
|
||||
|
||||
### Disable Link Previews
|
||||
|
||||
Signal offers the ability to retrieve previews of webpages linked within a conversation.
|
||||
|
||||
This means that when you send a link, a request will be sent to that website so that a preview of the website can be displayed alongside the link. Thus, we recommend disabling link previews.
|
||||
|
||||
Your recipient doesn't make any requests unless they open the link on their end.
|
||||
|
||||
On Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Chats**
|
||||
- [ ] Turn off **Generate link previews**
|
||||
|
||||
### Screen Security
|
||||
|
||||
Signal allows you to prevent a preview of the app being shown (i.e., in the app switcher) unless you explicitly open it.
|
||||
|
||||
On Android:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- [x] Turn on **Screen Security**
|
||||
|
||||
On iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- [x] Turn on **Hide Screen in App Switcher**
|
||||
|
||||
### Screen Lock
|
||||
|
||||
If someone gets a hold of your device while it is unlocked, you run the risk of them being able to open the Signal app and look at your conversations.
|
||||
|
||||
To mitigate this, you can leverage the Screen Lock option to require additional authentication before Signal can be accessed.
|
||||
|
||||
On Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- [x] Turn on **Screen Lock**
|
||||
|
||||
### Notification Privacy
|
||||
|
||||
Even when your phone is locked, anyone who can lay eyes on the device can read messages and sender names from your lock screen.
|
||||
|
||||
On Signal, you have the ability to hide message content and sender name, or just the message content itself.
|
||||
|
||||
On Android:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Notifications**
|
||||
- Select **Show**
|
||||
- Select **No name or message** or **Name only** respectively.
|
||||
|
||||
On iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Notifications**
|
||||
- Select **Show**
|
||||
- Select **No name or Content** or **Name Only** respectively.
|
||||
|
||||
### Call Relaying
|
||||
|
||||
Signal allows you to relay all calls (including video calls) through the Signal server to avoid revealing your IP address to your contact. This may reduce call quality.
|
||||
|
||||
On Android/iOS:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy** > **Advanced**
|
||||
- [x] Turn on **Always Relay Calls**
|
||||
|
||||
For incoming calls from people who are not in your Contacts app, the call will be relayed through the Signal server regardless of how you've set it up.
|
||||
|
||||
### Proxy Support
|
||||
|
||||
If Signal is blocked in your country, Signal allows you to set up a proxy to bypass it.
|
||||
|
||||
!!! Warning
|
||||
|
||||
All traffic remains opaque to the proxy operator. However, the censoring party could learn that you are using Signal through a proxy because the app [fails to route all the IP connections to the proxy](https://community.signalusers.org/t/traffic-not-routed-to-tls-proxies-can-expose-users-to-censors/27479).
|
||||
|
||||
You can learn more about Signal's proxy support on their [website](https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support).
|
||||
|
||||
### Keep Your Signal Call History off iCloud (iOS only)
|
||||
|
||||
Signal allows you to see your call history from your regular phone app. This allows your iOS device to sync your call history with iCloud, including who you spoke to, when, and for how long.
|
||||
|
||||
If you use iCloud and you don’t want to share call history on Signal, confirm it’s turned off:
|
||||
|
||||
- Select :material-dots-vertical: **Settings** > **Privacy**
|
||||
- [ ] Turn off **Show Calls in Recents**
|
||||
|
||||
## Signal Hardening
|
||||
|
||||
### Avoid Linking Your Signal Account to a Desktop Device
|
||||
|
||||
While it may be tempting to link your Signal account to your desktop device for convenience, keep in mind that this extends your trust to an additional and potentially less secure operating system.
|
||||
|
||||
If your threat model calls for it, avoid linking your Signal account to a desktop device to reduce your attack surface.
|
||||
|
||||
### Endpoint Security
|
||||
|
||||
Signal takes security very seriously, however there is only so much an app can do to protect you.
|
||||
|
||||
It is very important to take device security on both ends into account to ensure that your conversations are kept private.
|
||||
|
||||
We recommend an up-to-date [GrapheneOS](/android/#grapheneos) or iOS device.
|
||||
|
||||
### Hardening Signal with Molly on Android
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Molly** is a security-focused [Signal](../real-time-communication/#signal) fork that aims to provide extensive hardening and anti-forensic features to people who use Signal.
|
||||
|
||||
[:octicons-home-16: Homepage](https://molly.im/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:pg-f-droid: F-Droid](https://molly.im/download/fdroid/)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/mollyim/mollyim-android/releases)
|
||||
|
||||
Molly offers two variants of the app: **Molly** and **Molly-FOSS**.
|
||||
|
||||
The former is identical to Signal with the addition of Molly's improvements and security features. The latter, Molly-FOSS, removes Google's proprietary code, which is used for some key features (e.g., [FCM](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) and Google Maps integration), in an effort to make it fully open-source.
|
||||
|
||||
A comparison of the two versions is available in the [project's repository](https://github.com/mollyim/mollyim-android#readme).
|
||||
|
||||
Both versions of Molly support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
|
||||
|
||||
#### Features
|
||||
|
||||
Molly has implemented database encryption at rest, which means that you can encrypt the app's database with a passphrase to ensure that none of its data is accessible without it.
|
||||
|
||||
!!! note
|
||||
|
||||
As long as Molly is locked, you will not receive notifications for any incoming messages or calls until you unlock it again.
|
||||
|
||||
Once enabled, a configurable lock timer can be set, after which point Molly will lock itself if you haven't unlocked your device for that specific time period. Alternatively, you can manually lock the app whenever you want.
|
||||
|
||||
For the database encryption feature to be useful, two conditions must be met:
|
||||
|
||||
1. Molly has to be locked at the time an attacker gains access to the device. This can include a physical attack in which the attacker seizes your device and manages to unlock the device itself, or a remote attack, in which the device is compromised and manages to elevate privileges to root.
|
||||
1. If you become aware that your device has been compromised, you should not unlock Molly's database.
|
||||
|
||||
If both of the above conditions are met, the data within Molly is safe as long as the passphrase is not accessible to the attacker.
|
||||
|
||||
To supplement the database encryption feature, Molly securely wipes your device's RAM once the database is locked to defend against forensic analysis.
|
||||
|
||||
While Molly is running, your data is kept in RAM. When any app closes, its data remains in RAM until another app takes the same physical memory pages. That can take seconds or days, depending on many factors. To prevent anyone from dumping the RAM to disk and extracting your data after Molly is locked, the app overrides all free RAM memory with random data when you lock the database.
|
||||
|
||||
There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or Tor (via [Orbot](/android/#orbot)). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
|
||||
|
||||
Signal adds everyone who you have communicated with to its database. Molly allows you to delete those contacts and stop sharing your profile with them.
|
||||
|
||||
To supplement the feature above, as well as for additional security and to fight spam, Molly offers the ability to block unknown contacts that you've never been in contact with or those that are not in your contact list without you having to manually block them.
|
||||
|
||||
You can find a full list of Molly's [features](https://github.com/mollyim/mollyim-android#features) on the project's repository.
|
||||
|
||||
#### Caveats
|
||||
|
||||
- Molly does not support SMS messages within the app, unlike the official Signal app.
|
||||
- Molly removes Signal's Mobilecoin integration.
|
||||
- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, that are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
|
||||
- By using Molly, you are extending your trust to another party, as you now need to trust the Signal team, as well as the Molly team.
|
||||
@ -6,7 +6,7 @@ icon: 'fontawesome/brands/android'
|
||||
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. We also have additional Android-related information:
|
||||
|
||||
- [General Android Overview and Recommendations :hero-arrow-circle-right-fill:](android/overview.md)
|
||||
- [GrapheneOS vs CalyxOS Comparison :hero-arrow-circle-right-fill:](android/grapheneos-vs-calyxos.md)
|
||||
- [Why we recommend GrapheneOS over CalyxOS :hero-arrow-circle-right-fill:](android/grapheneos-vs-calyxos.md)
|
||||
|
||||
## AOSP Derivatives
|
||||
|
||||
@ -65,26 +65,6 @@ DivestOS implements some system hardening patches originally developed for Graph
|
||||
|
||||
Not all of the supported devices have verified boot, and some perform it better than others.
|
||||
|
||||
### CalyxOS
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**CalyxOS** is a system with some privacy features on top of AOSP, including [Datura](https://calyxos.org/docs/tech/datura-details) firewall, [Signal](https://signal.org) integration in the dialer app, and a built in panic button. CalyxOS also comes with firmware updates and signed builds, so verified boot is fully supported.
|
||||
|
||||
We only recommend CalyxOS as a harm reduction measure for the OnePlus 8T, OnePlus 9, and especially the Fairphone 4 if you need microG.
|
||||
|
||||
[:octicons-home-16: Homepage](https://calyxos.org/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://calyxinstitute.org/legal/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://calyxos.org/docs/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/CalyxOS){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://members.calyxinstitute.org/donate){ .card-link title=Contribute }
|
||||
|
||||
CalyxOS optionally includes [microG](https://microg.org/), a partially open-source reimplementation of Play Services which provides broader app compatibility. It also bundles in alternate location services: [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu).
|
||||
|
||||
CalyxOS [supports](https://calyxos.org/docs/guide/device-support/) Google Pixel phones, the OnePlus 8T/9/9 Pro and the Fairphone 4.
|
||||
|
||||
## Android Devices
|
||||
|
||||
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
|
||||
@ -126,30 +106,6 @@ A few more tips for purchasing a Google Pixel:
|
||||
- Look at online community bargain sites in your country. These can alert you to good sales.
|
||||
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date }-\text{ Current Date}$, meaning that the longer use of the device the lower cost per day.
|
||||
|
||||
### Other Devices
|
||||
|
||||
The following OEMs are only mentioned as they have phones compatible with the operating systems recommended by us. If you are purchasing a new device, we only recommend purchasing a Google Pixel.
|
||||
|
||||
#### OnePlus
|
||||
|
||||
If you are unable to obtain a Google Pixel, recent OnePlus devices are the next best option if you want to run a custom OS without privileged Play Services. OnePlus 8 and later devices will receive 4 years of security updates from their initial launch date. CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **OnePlus 8T** and **9**.
|
||||
|
||||
DivestOS has support for most OnePlus devices up to the **OnePlus 9 Pro**, with varying levels of support.
|
||||
|
||||
#### Fairphone
|
||||
|
||||
!!! danger
|
||||
|
||||
The Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
|
||||
|
||||
This problem is somewhat mitigated when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system keys, however a vulnerability in CalyxOS or DivestOS's recovery environments could still potentially allow an attacker to bypass AVB.
|
||||
|
||||
**To reiterate, you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.**
|
||||
|
||||
CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **Fairphone 4**. DivestOS has builds available for the **Fairphone 3**.
|
||||
|
||||
Fairphone markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
|
||||
|
||||
## General Apps
|
||||
|
||||
### Orbot
|
||||
@ -364,12 +320,21 @@ To mitigate these problems, we recommend [Neo Store](https://github.com/NeoAppli
|
||||
|
||||
### Manually with RSS Notifications
|
||||
|
||||
If an app is released on a platform like GitHub, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you be aware of new releases. Using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) on GitHub and append `.atom` to the URL:
|
||||
For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases.
|
||||
|
||||
   
|
||||
|
||||
#### GitHub
|
||||
|
||||
On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
|
||||
|
||||
`https://github.com/GrapheneOS/Camera/releases.atom`
|
||||
|
||||
|
||||
|
||||
#### GitLab
|
||||
|
||||
On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
|
||||
|
||||
`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
|
||||
|
||||
#### Verifying APK Fingerprints
|
||||
|
||||
@ -401,5 +366,3 @@ If you download APK files to install manually, you can verify their signature wi
|
||||
Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
|
||||
Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -1,12 +1,15 @@
|
||||
---
|
||||
title: "GrapheneOS vs CalyxOS"
|
||||
title: "Why we recommend GrapheneOS over CalyxOS"
|
||||
icon: 'material/cellphone-cog'
|
||||
---
|
||||
|
||||
GrapheneOS and CalyxOS are commonly compared as similar options for people looking for an alternative Android OS for their Pixel devices. Below are some of the reasons why we recommend GrapheneOS over CalyxOS.
|
||||
|
||||
## Profiles
|
||||
|
||||
CalyxOS includes a device controller app so there is no need to install a third-party app like Shelter.
|
||||
|
||||
GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. There are plans to add a [cross profile notifications system](https://github.com/GrapheneOS/os-issue-tracker/issues/88) in the future. GrapheneOS plans to introduce nested profile support with better isolation in the future.
|
||||
GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. GrapheneOS also provides [cross-profile notification forwarding](https://grapheneos.org/features#notification-forwarding). GrapheneOS plans to introduce nested profile support with better isolation in the future.
|
||||
|
||||
## Sandboxed Google Play vs Privileged microG
|
||||
|
||||
@ -22,9 +25,11 @@ Local RF location backends like DejaVu require that the phone has a working GPS
|
||||
|
||||
If your threat model requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Play Services.
|
||||
|
||||
In terms of application compatibility, Sandboxed Google Play on GrapheneOS outperforms microG on CalyxOS due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
|
||||
In terms of application compatibility, Sandboxed Google Play on GrapheneOS is always going to be more compatible as it is the same code as what is released by Google. microG is a reimplementation of these services. As a result of that it only supports the various parts that have been reimplemented, meaning some things such as [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html) are not yet supported.
|
||||
|
||||
[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged `untrusted app` SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
|
||||
Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
|
||||
|
||||
[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged [`untrusted app`](https://source.android.com/security/selinux/concepts) SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
|
||||
|
||||
## Privileged eSIM Activation Application
|
||||
|
||||
@ -32,7 +37,7 @@ Currently, eSIM activation is tied to a privileged proprietary application by Go
|
||||
|
||||
On GrapheneOS, the app comes disabled and can be *optionally* enabled by the user after they have installed Sandboxed Play Services.
|
||||
|
||||
On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This is particularly problematic, as it means Google still has access to the user's hardware identifiers regardless of whether they even need the eSIM activation or not, and can access them persistently.
|
||||
On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This means Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and can be accessed persistently.
|
||||
|
||||
## Privileged App Extensions
|
||||
|
||||
|
||||
@ -34,6 +34,8 @@ Verified Boot ensures the integrity of the operating system files, thereby preve
|
||||
|
||||
Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
|
||||
|
||||
Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
|
||||
|
||||
## Firmware Updates
|
||||
|
||||
Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
|
||||
@ -42,16 +44,21 @@ As the components of the phone, such as the processor and radio technologies rel
|
||||
|
||||
EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
|
||||
|
||||
Fairphone, for example, markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
|
||||
|
||||
## Android Versions
|
||||
|
||||
It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
|
||||
|
||||
## Android Permissions
|
||||
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. The savings you make from not purchasing or subscribing to security apps is better spent on paying for a supported device in the future.
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
|
||||
|
||||
Should you want to run an app that you're unsure about, consider using a user or work profile.
|
||||
|
||||
## Media Access
|
||||
Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter.
|
||||
|
||||
## User Profiles
|
||||
|
||||
Multiple user profiles can be found in **Settings** → **System** → **Multiple users** and are the simplest way to isolate in Android.
|
||||
@ -70,7 +77,7 @@ This method is generally less secure than a secondary user profile; however, it
|
||||
|
||||
## VPN Killswitch
|
||||
|
||||
Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in (:gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**).
|
||||
Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
|
||||
|
||||
## Global Toggles
|
||||
|
||||
@ -122,5 +129,3 @@ You will either be given the option to delete your advertising ID or to *Opt out
|
||||
[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
|
||||
|
||||
As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
Submodule docs/assets/brand updated: 1592903b40...e598b2e81f
@ -1,2 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.43429 0 0 .43429 -102.24 -35.595)" stroke-width=".26458"><path d="m313.4 119.93c-7.7343 13.52-22.298 22.631-38.991 22.631-16.692 0-31.256-9.1114-38.991-22.631 7.7346-13.521 22.299-22.632 38.991-22.632 16.693 0 31.257 9.1115 38.991 22.632" fill="#9acc01"/><path d="m298.61 144.6-6.8334-12.569c2.364-3.4422 3.7478-7.6102 3.7478-12.101 0-11.819-9.5811-21.4-21.4-21.4-11.819 0-21.4 9.5806-21.4 21.4 0 11.819 9.5811 21.4 21.4 21.4 4.4736 0 8.6265-1.3727 12.061-3.7206l12.422 6.9937z" fill="#231f20"/><path d="m284.91 125.24c0 5.7915-4.7106 10.502-10.502 10.502-5.7915 0-10.502-4.7106-10.502-10.502v-12.917c0-0.80301 0.65352-1.456 1.4565-1.456 0.80275 0 1.456 0.65299 1.456 1.456v7.8192c0 0.4236 0.34263 0.76623 0.76702 0.76623 8e-3 0 0.0167-2e-3 0.0257-2e-3s0.0164 2e-3 0.0251 2e-3c0.4236 0 0.7665-0.34263 0.7665-0.76623v-11.856c0-0.80354 0.65299-1.4571 1.4565-1.4571s1.4565 0.65352 1.4565 1.4571v11.166c0 0.42387 0.34343 0.76624 0.76677 0.76624 0.42254 0 0.76623-0.34264 0.76623-0.76624v-13.875c0-0.80301 0.65378-1.4555 1.4563-1.4555 0.80354 0 1.4568 0.65246 1.4568 1.4555v13.773c0 0.42413 0.34317 0.76703 0.7665 0.76703 0.42307 0 0.7665-0.34317 0.7665-0.76703v-11.37c0-0.80327 0.65352-1.4565 1.4565-1.4565 0.80327 0 1.456 0.65352 1.456 1.4565v14.555c-1.7436 0.16219-5.8518 1.0464-7.543 5.7222-0.14366 0.39793 0.0622 0.83767 0.46038 0.9824 0.0857 0.031 0.1741 0.0455 0.26009 0.0455 0.31379 0 0.60748-0.19474 0.72125-0.50536 1.7732-4.903 6.6273-4.7546 6.8313-4.7464l0.80354 0.0386v-8.0939c0-0.80301 0.7112-1.4565 1.5843-1.4565 0.87392 0 1.5841 0.65352 1.5841 1.4565v9.2625zm-1.5841-12.253c-0.57864 0-1.1192 0.15557-1.5843 0.41963v-5.4277c0-1.6486-1.3409-2.9901-2.9895-2.9901-0.53314 0-1.0327 0.14261-1.4666 0.38761-0.10398-1.555-1.3991-2.789-2.98-2.789-1.6484 0-2.9893 1.3409-2.9893 2.989v0.10001c-0.4318-0.2413-0.92763-0.381-1.4565-0.381-1.6481 0-2.9893 1.3409-2.9893 2.9901v1.4594c-0.44344-0.26035-0.95752-0.41222-1.5079-0.41222-1.6486 0-2.99 1.3404-2.99 2.9893v12.917c0 6.636 5.3991 12.035 12.036 12.035 6.636 0 12.035-5.3991 12.035-12.035v-9.2631c0-1.6484-1.3981-2.9893-3.1171-2.9893" fill="#9acc01"/></g></svg>
|
||||
|
Before Width: | Height: | Size: 2.2 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 141 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 145 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 9.4 KiB |
BIN
docs/assets/img/android/rss-apk-dark.png
Normal file
BIN
docs/assets/img/android/rss-apk-dark.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 50 KiB |
BIN
docs/assets/img/android/rss-apk-light.png
Normal file
BIN
docs/assets/img/android/rss-apk-light.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 47 KiB |
BIN
docs/assets/img/android/rss-changes-dark.png
Normal file
BIN
docs/assets/img/android/rss-changes-dark.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 96 KiB |
BIN
docs/assets/img/android/rss-changes-light.png
Normal file
BIN
docs/assets/img/android/rss-changes-light.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 93 KiB |
@ -1,2 +1 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg fill="#ffffff" version="1.1" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg"><g transform="scale(5.3333)"><path d="m0 0h24v24h-24z" fill="none"/><circle cx="12" cy="12" r="3"/><path d="m20 4h-3.17l-1.24-1.35c-0.37-0.41-0.91-0.65-1.47-0.65h-4.24c-0.56 0-1.1 0.24-1.48 0.65l-1.23 1.35h-3.17c-1.1 0-2 0.9-2 2v12c0 1.1 0.9 2 2 2h16c1.1 0 2-0.9 2-2v-12c0-1.1-0.9-2-2-2zm-8 13c-2.76 0-5-2.24-5-5s2.24-5 5-5 5 2.24 5 5-2.24 5-5 5z"/></g></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" fill="#fff" version="1.1" viewBox="0 0 128 128"><g transform="scale(5.3333)"><path fill="none" d="m0 0h24v24h-24z"/><circle cx="12" cy="12" r="3"/><path d="m20 4h-3.17l-1.24-1.35c-0.37-0.41-0.91-0.65-1.47-0.65h-4.24c-0.56 0-1.1 0.24-1.48 0.65l-1.23 1.35h-3.17c-1.1 0-2 0.9-2 2v12c0 1.1 0.9 2 2 2h16c1.1 0 2-0.9 2-2v-12c0-1.1-0.9-2-2-2zm-8 13c-2.76 0-5-2.24-5-5s2.24-5 5-5 5 2.24 5 5-2.24 5-5 5z"/></g></svg>
|
||||
|
Before Width: | Height: | Size: 490 B After Width: | Height: | Size: 447 B |
@ -1,2 +1 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg version="1.1" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><linearGradient id="a" x2="235.8" y1="119.6" y2="119.6" gradientTransform="scale(.9229 1.084)" gradientUnits="userSpaceOnUse"><stop stop-color="#F50" offset="0"/><stop stop-color="#F50" offset=".4099"/><stop stop-color="#FF2000" offset=".582"/><stop stop-color="#FF2000" offset="1"/></linearGradient><linearGradient id="c" x1="11.3" x2="100.5" y1="46.23" y2="46.23" gradientTransform="scale(1.981 .5049)" gradientUnits="userSpaceOnUse"><stop stop-color="#FF452A" offset="0"/><stop stop-color="#FF2000" offset="1"/></linearGradient><path id="b" d="m170.3 25.34-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813c0 0 26.11-2.36 35.09 12.26 0 0 24.21 4.63 27.47 4.63s10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63c8.976-14.62 35.09-12.26 35.09-12.26-9.248-9.26-28.83-3.813-28.83-3.813"/></defs><g transform="matrix(.50101 0 0 .50101 9.4745 .0060121)" fill-rule="evenodd"><path d="m210 61.28 5.984-14.71s-7.616-8.17-16.86-17.43c-9.248-9.259-28.83-3.812-28.83-3.812l-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813-16.86 17.43-16.86 17.43l5.984 14.71-7.616 21.79s22.4 84.95 25.02 95.32c5.168 20.42 8.704 28.32 23.39 38.67s41.34 28.32 45.7 31.05c4.352 2.724 9.792 7.363 14.69 7.363s10.34-4.64 14.69-7.363 31.01-20.7 45.7-31.05 18.22-18.25 23.39-38.67c2.624-10.37 25.02-95.32 25.02-95.32z" fill="url(#a)"/><path d="m164 41.4s28.69 34.72 28.69 42.14c0 7.421-3.608 9.38-7.237 13.24l-21.51 22.87c-2.036 2.164-6.273 5.445-3.78 11.35 2.492 5.905 6.168 13.42 2.08 21.04-4.089 7.62-11.09 12.71-15.58 11.87-4.489-0.842-15.03-6.357-18.9-8.876-3.876-2.52-16.16-12.66-16.16-16.54s12.7-10.85 15.04-12.43c2.347-1.583 13.05-7.712 13.27-10.12 0.219-2.406 0.136-3.111-3.022-9.055s-8.845-13.88-7.898-19.15c0.946-5.277 10.12-8.02 16.66-10.5 6.545-2.474 19.15-7.148 20.72-7.875 1.575-0.727 1.168-1.42-3.601-1.872-4.768-0.452-18.3-2.251-24.4-0.548-6.1 1.702-16.52 4.293-17.37 5.667-0.844 1.373-1.589 1.42-0.722 6.158 0.867 4.739 5.33 27.48 5.764 31.52 0.433 4.039 1.28 6.709-3.068 7.705-4.35 0.995-11.67 2.724-14.19 2.724s-9.838-1.729-14.19-2.724c-4.35-0.996-3.503-3.666-3.07-7.705 0.434-4.039 4.898-26.78 5.765-31.52s0.122-4.785-0.722-6.158c-0.844-1.374-11.27-3.965-17.37-5.667-6.1-1.703-19.63 0.096-24.4 0.548-4.769 0.453-5.176 1.145-3.602 1.872 1.575 0.727 14.18 5.4 20.72 7.875 6.546 2.475 15.72 5.22 16.66 10.5 0.946 5.278-4.741 13.21-7.899 19.15-3.158 5.944-3.241 6.65-3.022 9.055s10.92 8.534 13.27 10.12 15.04 8.552 15.04 12.43c0 3.882-12.28 14.03-16.16 16.54-3.876 2.52-14.42 8.034-18.9 8.876-4.488 0.84-11.49-4.246-15.58-11.87-4.089-7.621-0.412-15.14 2.08-21.04 2.491-5.905-1.745-9.186-3.78-11.35l-21.51-22.87c-3.629-3.858-7.237-5.817-7.237-13.24 0-7.422 28.69-42.14 28.69-42.14s24.21 4.63 27.47 4.63 10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63zm-21.51 132.8c1.775 1.113 0.692 3.212-0.925 4.357-1.618 1.145-23.36 18-25.47 19.86-2.11 1.864-5.21 4.94-7.318 4.94s-5.209-3.076-7.318-4.94c-2.11-1.863-23.85-18.72-25.47-19.86s-2.7-3.244-0.925-4.357c1.777-1.113 7.333-3.922 15-7.894 7.665-3.972 17.22-7.349 18.71-7.349s11.04 3.377 18.71 7.349 13.22 6.781 15 7.894z" fill="#fff"/><use width="100%" height="100%" fill="url(#c)" xlink:href="#b"/></g></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" viewBox="0 0 128 128"><defs><linearGradient id="a" x2="235.8" y1="119.6" y2="119.6" gradientTransform="scale(.9229 1.084)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#F50"/><stop offset=".41" stop-color="#F50"/><stop offset=".582" stop-color="#FF2000"/><stop offset="1" stop-color="#FF2000"/></linearGradient><linearGradient id="c" x1="11.3" x2="100.5" y1="46.23" y2="46.23" gradientTransform="scale(1.981 .5049)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#FF452A"/><stop offset="1" stop-color="#FF2000"/></linearGradient><path id="b" d="m170.3 25.34-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813c0 0 26.11-2.36 35.09 12.26 0 0 24.21 4.63 27.47 4.63s10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63c8.976-14.62 35.09-12.26 35.09-12.26-9.248-9.26-28.83-3.813-28.83-3.813"/></defs><g fill-rule="evenodd" transform="matrix(.50101 0 0 .50101 9.4745 .0060121)"><path fill="url(#a)" d="m210 61.28 5.984-14.71s-7.616-8.17-16.86-17.43c-9.248-9.259-28.83-3.812-28.83-3.812l-22.3-25.34h-78.34l-22.3 25.34s-19.58-5.447-28.83 3.813-16.86 17.43-16.86 17.43l5.984 14.71-7.616 21.79s22.4 84.95 25.02 95.32c5.168 20.42 8.704 28.32 23.39 38.67s41.34 28.32 45.7 31.05c4.352 2.724 9.792 7.363 14.69 7.363s10.34-4.64 14.69-7.363 31.01-20.7 45.7-31.05 18.22-18.25 23.39-38.67c2.624-10.37 25.02-95.32 25.02-95.32z"/><path fill="#fff" d="m164 41.4s28.69 34.72 28.69 42.14c0 7.421-3.608 9.38-7.237 13.24l-21.51 22.87c-2.036 2.164-6.273 5.445-3.78 11.35 2.492 5.905 6.168 13.42 2.08 21.04-4.089 7.62-11.09 12.71-15.58 11.87-4.489-0.842-15.03-6.357-18.9-8.876-3.876-2.52-16.16-12.66-16.16-16.54s12.7-10.85 15.04-12.43c2.347-1.583 13.05-7.712 13.27-10.12 0.219-2.406 0.136-3.111-3.022-9.055s-8.845-13.88-7.898-19.15c0.946-5.277 10.12-8.02 16.66-10.5 6.545-2.474 19.15-7.148 20.72-7.875 1.575-0.727 1.168-1.42-3.601-1.872-4.768-0.452-18.3-2.251-24.4-0.548-6.1 1.702-16.52 4.293-17.37 5.667-0.844 1.373-1.589 1.42-0.722 6.158 0.867 4.739 5.33 27.48 5.764 31.52 0.433 4.039 1.28 6.709-3.068 7.705-4.35 0.995-11.67 2.724-14.19 2.724s-9.838-1.729-14.19-2.724c-4.35-0.996-3.503-3.666-3.07-7.705 0.434-4.039 4.898-26.78 5.765-31.52s0.122-4.785-0.722-6.158c-0.844-1.374-11.27-3.965-17.37-5.667-6.1-1.703-19.63 0.096-24.4 0.548-4.769 0.453-5.176 1.145-3.602 1.872 1.575 0.727 14.18 5.4 20.72 7.875 6.546 2.475 15.72 5.22 16.66 10.5 0.946 5.278-4.741 13.21-7.899 19.15-3.158 5.944-3.241 6.65-3.022 9.055s10.92 8.534 13.27 10.12 15.04 8.552 15.04 12.43c0 3.882-12.28 14.03-16.16 16.54-3.876 2.52-14.42 8.034-18.9 8.876-4.488 0.84-11.49-4.246-15.58-11.87-4.089-7.621-0.412-15.14 2.08-21.04 2.491-5.905-1.745-9.186-3.78-11.35l-21.51-22.87c-3.629-3.858-7.237-5.817-7.237-13.24 0-7.422 28.69-42.14 28.69-42.14s24.21 4.63 27.47 4.63 10.34-2.724 16.86-4.902c6.528-2.179 10.88-2.195 10.88-2.195s4.352 0.016 10.88 2.195c6.528 2.178 13.6 4.902 16.86 4.902s27.47-4.63 27.47-4.63zm-21.51 132.8c1.775 1.113 0.692 3.212-0.925 4.357-1.618 1.145-23.36 18-25.47 19.86-2.11 1.864-5.21 4.94-7.318 4.94s-5.209-3.076-7.318-4.94c-2.11-1.863-23.85-18.72-25.47-19.86s-2.7-3.244-0.925-4.357c1.777-1.113 7.333-3.922 15-7.894 7.665-3.972 17.22-7.349 18.71-7.349s11.04 3.377 18.71 7.349 13.22 6.781 15 7.894z"/><use width="100%" height="100%" fill="url(#c)" xlink:href="#b"/></g></svg>
|
||||
|
Before Width: | Height: | Size: 3.4 KiB After Width: | Height: | Size: 3.4 KiB |
@ -1,2 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.866 33.866" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(1.9999 0 0 1.9999 -.00028793 -560.11)"><g transform="matrix(.1411 0 0 .1411 -22.448 274.09)"><g transform="matrix(6.5975,0,0,6.5975,-881.57,-908.75)"><path d="m166.76 148.57v2.8e-4c-0.0731 1e-3 -0.14646 3e-3 -0.21965 6e-3 -2.0814 0.0983-3.9695 1.2488-5.0113 3.0532-0.27591 0.47789-0.47972 0.97776-0.61543 1.4866 1.8658 0.19779 3.5534 0.93382 4.9049 2.0531 2.7603 1.8081 5.5017 1.1662 7.0499 0.51897 0.40336-2.4423-0.70912-4.988-2.9792-6.2988-0.95179-0.54962-2.0328-0.83212-3.1292-0.81971z" fill="#d0f6ed" stroke-width=".14568"/><path d="m166.59 152.15c-1.5641 9.9e-4 -2.9951 0.51259-3.7051 1.324 0.94324 0.3021 1.8146 0.75292 2.5877 1.3259-1.2e-4 -3.9e-4 -1.6e-4 -1e-3 -2.9e-4 -1e-3 1.3493-0.74086 3.1114-1.2154 4.6422-1.5091-0.75982-0.70753-2.0913-1.1376-3.5245-1.1388v-5.6e-4z" fill="#4de564" stroke-width=".27973"/><path d="m172.56 152.93c-1.6055 0.16301-4.8923 0.66396-7.0864 1.8687 0.12815 0.095 0.25361 0.19321 0.37621 0.29474 2.6929 1.7639 5.3671 1.1376 6.8778 0.50616 0.14847-0.89893 0.0864-1.8121-0.16739-2.6696z" fill="#06c23c" stroke-width=".38858"/><path d="m170.2 144.17c-0.297-8e-3 -0.58809 0.14301-0.74764 0.41937l-0.15266 0.26436c-0.23207 0.40197-0.0953 0.91236 0.30665 1.1444l0.0712 0.0411-0.6784 1.175c-0.68491-0.19996-1.3964-0.30489-2.1144-0.30964l-3e-4 -2.9e-4c-0.13829-9.1e-4 -0.27683 2e-3 -0.41545 8e-3 -2.6278 0.12414-5.0122 1.5767-6.3272 3.8551-2.1338 3.6958-0.86761 8.4218 2.8282 10.556 3.696 2.1338 8.4218 0.86727 10.556-2.8288 1.8213-3.155 1.1646-7.0602-1.3656-9.463l0.67518-1.1694 0.0706 0.0407c0.40198 0.23207 0.91244 0.0953 1.1445-0.30665l0.15259-0.26436c0.23207-0.40197 0.0953-0.91243-0.30665-1.1445l-3.2996-1.905c-0.12562-0.0725-0.26181-0.10907-0.3968-0.11272zm-3.434 4.6336c1.0696-0.0121 2.1243 0.26346 3.0528 0.79964 2.2146 1.2787 3.1576 3.6198 2.7641 6.0024-1.5104 0.63142-4.0427 1.1156-6.7355-0.6483-1.3185-1.0919-2.8225-1.6679-4.6427-1.8609 0.13239-0.49643 0.33106-0.98387 0.60022-1.4501 1.0163-1.7604 2.7165-2.7406 4.7469-2.8365 0.0714-3e-3 0.14275-5e-3 0.21406-6e-3z" fill="#25935e" stroke-width=".28021"/></g></g></g></svg>
|
||||
|
Before Width: | Height: | Size: 2.2 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 7.8 KiB After Width: | Height: | Size: 7.7 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 7.8 KiB After Width: | Height: | Size: 7.7 KiB |
@ -1 +0,0 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.866 33.866"><path fill="#46a546" stroke-width=".275" d="m3.2563 0.90164h27.353c1.804 0 3.2563 1.4523 3.2563 3.2563v1.001e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-27.353c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1.001e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#f89406" stroke-width=".259" d="m3.2563 9.4185h23.546c1.804 0 3.2563 1.4523 3.2563 3.2563v1e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-23.546c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#c43c35" stroke-width=".269" d="m3.2563 17.935h25.95c1.804 0 3.2563 1.4523 3.2563 3.2563v1.01e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-25.95c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1.01e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/><path fill="#999" stroke-width=".212" d="m3.2563 26.452h13.726c1.804 0 3.2563 1.4523 3.2563 3.2563v1e-4c0 1.804-1.4523 3.2563-3.2563 3.2563h-13.726c-1.804 0-3.2563-1.4523-3.2563-3.2563v-1e-4c0-1.804 1.4523-3.2563 3.2563-3.2563z"/></svg>
|
||||
|
Before Width: | Height: | Size: 1.0 KiB |
@ -1,2 +1 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_00000094620430057427565900000015311327790582914980_" x1="796.82" x2="203.77" y1="249.42" y2="1067.3" gradientTransform="matrix(.035694 0 0 -.035694 5.0337e-7 30.979)" gradientUnits="userSpaceOnUse"><stop stop-color="#C8E8FF" offset="0"/><stop stop-color="#BDAEFF" offset=".3075"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><radialGradient id="SVGID_1_" cx="169.05" cy="788.91" r="1" gradientTransform="matrix(-16.88 45.338 60.416 22.494 -44786 -25421)" gradientUnits="userSpaceOnUse"><stop stop-color="#54B7FF" stop-opacity="0" offset=".5561"/><stop stop-color="#54B7FF" offset=".9944"/></radialGradient></defs><g stroke-width=".035694"><path class="st0" d="m5.0337e-7 6.425c0-1.9346 1.567-3.5016 3.5016-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016z" fill="#6851f6"/><path class="st1" d="m0.0071394 6.425c0-1.9346 1.5705-3.5016 3.5052-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016v-21.017z" fill="url(#SVGID_1_)"/><path class="st2" d="m15.373 29.312c0-0.83168 0.29626-1.6384 0.83524-2.2702l6.168-7.2388 0.19632 11.14h-7.1995z" fill="#bfd8ff"/><path d="m3.5016 2.9234c-1.9346 0-3.5016 1.567-3.5016 3.5016v0.68176h23.933c1.5063 0 2.7235 1.2207 2.7235 2.7235v13.914h7.1995v-17.319c0-1.9346-1.567-3.5016-3.5016-3.5016z" clip-rule="evenodd" fill="url(#SVGID_00000094620430057427565900000015311327790582914980_)" fill-rule="evenodd"/><path class="st4" d="m21.406 22.38c0-2.1488 1.7419-3.8907 3.8907-3.8907h8.563v12.454h-12.454z" fill="#fff"/><path class="st5" d="m24.811 26.496h1.2315c0.04997 0.21416 0.1749 0.40334 0.35337 0.53541 0.1749 0.13207 0.39264 0.19989 0.61394 0.18918 0.55683 0 0.92448-0.30697 0.92448-0.75672s-0.38193-0.69961-1.1386-0.69961h-0.48901v-1.0137h0.42476c0.73173 0 1.0316-0.26771 1.0316-0.67462 0-0.40334-0.32482-0.68176-0.77456-0.68176-0.19989-0.01071-0.39978 0.05354-0.54969 0.18561-0.15348 0.13207-0.24629 0.31768-0.26414 0.51757h-1.1886c0.04283-0.70674 0.59966-1.7205 1.9953-1.7205 1.1208 0 1.8954 0.63893 1.8954 1.5384 0 0.28912-0.08924 0.57111-0.26057 0.80312-0.17133 0.23201-0.41048 0.40691-0.68533 0.49258v0.01785c0.32125 0.05711 0.61037 0.22844 0.81383 0.48187 0.20346 0.25343 0.31054 0.57111 0.29983 0.89949 0 0.97445-0.89236 1.6169-2.0453 1.6169-1.2243 0.0071-2.0988-0.6889-2.1881-1.7312z" fill="#6d4aff"/><path class="st5" d="m31.197 22.473h0.89592v5.6718h-1.1565v-4.3511l-1.1137 0.75672v-1.1458z" fill="#6d4aff"/></g></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><defs><linearGradient id="SVGID_00000094620430057427565900000015311327790582914980_" x1="796.82" x2="203.77" y1="249.42" y2="1067.3" gradientTransform="matrix(.035694 0 0 -.035694 5.0337e-7 30.979)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#C8E8FF"/><stop offset=".307" stop-color="#BDAEFF"/><stop offset="1" stop-color="#6D4AFF"/></linearGradient><radialGradient id="SVGID_1_" cx="169.05" cy="788.91" r="1" gradientTransform="matrix(-16.88 45.338 60.416 22.494 -44786 -25421)" gradientUnits="userSpaceOnUse"><stop offset=".556" stop-color="#54B7FF" stop-opacity="0"/><stop offset=".994" stop-color="#54B7FF"/></radialGradient></defs><g stroke-width=".036"><path fill="#6851f6" d="m5.0337e-7 6.425c0-1.9346 1.567-3.5016 3.5016-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016z" class="st0"/><path fill="url(#SVGID_1_)" d="m0.0071394 6.425c0-1.9346 1.5705-3.5016 3.5052-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016v-21.017z" class="st1"/><path fill="#bfd8ff" d="m15.373 29.312c0-0.83168 0.29626-1.6384 0.83524-2.2702l6.168-7.2388 0.19632 11.14h-7.1995z" class="st2"/><path fill="url(#SVGID_00000094620430057427565900000015311327790582914980_)" fill-rule="evenodd" d="m3.5016 2.9234c-1.9346 0-3.5016 1.567-3.5016 3.5016v0.68176h23.933c1.5063 0 2.7235 1.2207 2.7235 2.7235v13.914h7.1995v-17.319c0-1.9346-1.567-3.5016-3.5016-3.5016z" clip-rule="evenodd"/><path fill="#fff" d="m21.406 22.38c0-2.1488 1.7419-3.8907 3.8907-3.8907h8.563v12.454h-12.454z" class="st4"/><path fill="#6d4aff" d="m24.811 26.496h1.2315c0.04997 0.21416 0.1749 0.40334 0.35337 0.53541 0.1749 0.13207 0.39264 0.19989 0.61394 0.18918 0.55683 0 0.92448-0.30697 0.92448-0.75672s-0.38193-0.69961-1.1386-0.69961h-0.48901v-1.0137h0.42476c0.73173 0 1.0316-0.26771 1.0316-0.67462 0-0.40334-0.32482-0.68176-0.77456-0.68176-0.19989-0.01071-0.39978 0.05354-0.54969 0.18561-0.15348 0.13207-0.24629 0.31768-0.26414 0.51757h-1.1886c0.04283-0.70674 0.59966-1.7205 1.9953-1.7205 1.1208 0 1.8954 0.63893 1.8954 1.5384 0 0.28912-0.08924 0.57111-0.26057 0.80312-0.17133 0.23201-0.41048 0.40691-0.68533 0.49258v0.01785c0.32125 0.05711 0.61037 0.22844 0.81383 0.48187 0.20346 0.25343 0.31054 0.57111 0.29983 0.89949 0 0.97445-0.89236 1.6169-2.0453 1.6169-1.2243 0.0071-2.0988-0.6889-2.1881-1.7312z" class="st5"/><path fill="#6d4aff" d="m31.197 22.473h0.89592v5.6718h-1.1565v-4.3511l-1.1137 0.75672v-1.1458z" class="st5"/></g></svg>
|
||||
|
Before Width: | Height: | Size: 2.7 KiB After Width: | Height: | Size: 2.6 KiB |
@ -1,2 +1 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_00000019652434788841659490000008021016220503567533_" x1="-12.632" x2="1173" y1="1195.6" y2="-107.33" gradientTransform="matrix(.035706 0 0 -.035706 -1.6667e-6 30.985)" gradientUnits="userSpaceOnUse"><stop stop-color="#6D4AFF" offset="0"/><stop stop-color="#AE8CFF" offset=".3593"/><stop stop-color="#F8CCFF" offset="1"/></linearGradient><radialGradient id="SVGID_1_" cx="169.06" cy="788.93" r="1" gradientTransform="matrix(-21.468 43.868 68.249 33.399 -50186 -33775)" gradientUnits="userSpaceOnUse"><stop stop-color="#FF62C0" stop-opacity="0" offset=".5561"/><stop stop-color="#FF62C0" offset=".9944"/></radialGradient></defs><g stroke-width=".035705"><path class="st0" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" fill="#6851f6"/><path class="st1" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" fill="url(#SVGID_1_)"/><path d="m15.96 5.7414h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-3.6991v-18.278c0-1.5103-1.2283-2.735-2.7422-2.7243l-13.265 0.075c-0.57129 4e-3 -1.1283-0.17138-1.596-0.50344l-2.9528-2.0995c-0.4606-0.32849-1.014-0.50345-1.5782-0.50345h-4.531v-0.48916c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.846 0.60343z" clip-rule="evenodd" fill="url(#SVGID_00000019652434788841659490000008021016220503567533_)" fill-rule="evenodd"/></g></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><defs><linearGradient id="SVGID_00000019652434788841659490000008021016220503567533_" x1="-12.632" x2="1173" y1="1195.6" y2="-107.33" gradientTransform="matrix(.035706 0 0 -.035706 -1.6667e-6 30.985)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#6D4AFF"/><stop offset=".359" stop-color="#AE8CFF"/><stop offset="1" stop-color="#F8CCFF"/></linearGradient><radialGradient id="SVGID_1_" cx="169.06" cy="788.93" r="1" gradientTransform="matrix(-21.468 43.868 68.249 33.399 -50186 -33775)" gradientUnits="userSpaceOnUse"><stop offset=".556" stop-color="#FF62C0" stop-opacity="0"/><stop offset=".994" stop-color="#FF62C0"/></radialGradient></defs><g stroke-width=".036"><path fill="#6851f6" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" class="st0"/><path fill="url(#SVGID_1_)" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" class="st1"/><path fill="url(#SVGID_00000019652434788841659490000008021016220503567533_)" fill-rule="evenodd" d="m15.96 5.7414h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-3.6991v-18.278c0-1.5103-1.2283-2.735-2.7422-2.7243l-13.265 0.075c-0.57129 4e-3 -1.1283-0.17138-1.596-0.50344l-2.9528-2.0995c-0.4606-0.32849-1.014-0.50345-1.5782-0.50345h-4.531v-0.48916c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.846 0.60343z" clip-rule="evenodd"/></g></svg>
|
||||
|
Before Width: | Height: | Size: 2.0 KiB After Width: | Height: | Size: 2.0 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 8.1 KiB After Width: | Height: | Size: 8.0 KiB |
@ -1,15 +1 @@
|
||||
<svg width="979" height="785" viewBox="0 0 979 785" fill="none" xmlns="http://www.w3.org/2000/svg">
|
||||
<path d="M0 22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L941.85 5.23618C956.511 -6.94591 978.723 3.48621 978.723 22.5541V683.7C978.723 739.646 933.393 785 877.476 785H101.247C45.3299 785 0 739.646 0 683.7V22.5541Z" fill="#6D4AFF"/>
|
||||
<path fill-rule="evenodd" clip-rule="evenodd" d="M621.492 271.42L621.546 271.464L426.244 444.071C392.975 473.475 343.246 474.216 309.116 445.817L0 188.604V22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L621.492 271.42Z" fill="url(#paint0_linear_6150_150885)"/>
|
||||
<path fill-rule="evenodd" clip-rule="evenodd" d="M770.604 147.526V785H877.476C933.393 785 978.723 739.642 978.723 683.699V22.5548C978.723 3.4868 956.51 -6.94715 941.849 5.23724L770.604 147.526Z" fill="url(#paint1_linear_6150_150885)"/>
|
||||
<defs>
|
||||
<linearGradient id="paint0_linear_6150_150885" x1="738.261" y1="384.02" x2="514.95" y2="-568.829" gradientUnits="userSpaceOnUse">
|
||||
<stop stop-color="#E2DBFF"/>
|
||||
<stop offset="1" stop-color="#6D4AFF"/>
|
||||
</linearGradient>
|
||||
<linearGradient id="paint1_linear_6150_150885" x1="1276.84" y1="1301.35" x2="514.868" y2="-325.532" gradientUnits="userSpaceOnUse">
|
||||
<stop offset="0.271019" stop-color="#E2DBFF"/>
|
||||
<stop offset="1" stop-color="#6D4AFF"/>
|
||||
</linearGradient>
|
||||
</defs>
|
||||
</svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="979" height="785" fill="none" viewBox="0 0 979 785"><path fill="#6D4AFF" d="M0 22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L941.85 5.23618C956.511 -6.94591 978.723 3.48621 978.723 22.5541V683.7C978.723 739.646 933.393 785 877.476 785H101.247C45.3299 785 0 739.646 0 683.7V22.5541Z"/><path fill="url(#paint0_linear_6150_150885)" fill-rule="evenodd" d="M621.492 271.42L621.546 271.464L426.244 444.071C392.975 473.475 343.246 474.216 309.116 445.817L0 188.604V22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L621.492 271.42Z" clip-rule="evenodd"/><path fill="url(#paint1_linear_6150_150885)" fill-rule="evenodd" d="M770.604 147.526V785H877.476C933.393 785 978.723 739.642 978.723 683.699V22.5548C978.723 3.4868 956.51 -6.94715 941.849 5.23724L770.604 147.526Z" clip-rule="evenodd"/><defs><linearGradient id="paint0_linear_6150_150885" x1="738.261" x2="514.95" y1="384.02" y2="-568.829" gradientUnits="userSpaceOnUse"><stop stop-color="#E2DBFF"/><stop offset="1" stop-color="#6D4AFF"/></linearGradient><linearGradient id="paint1_linear_6150_150885" x1="1276.84" x2="514.868" y1="1301.35" y2="-325.532" gradientUnits="userSpaceOnUse"><stop offset=".271" stop-color="#E2DBFF"/><stop offset="1" stop-color="#6D4AFF"/></linearGradient></defs></svg>
|
||||
|
Before Width: | Height: | Size: 1.4 KiB After Width: | Height: | Size: 1.4 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 5.5 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 18 KiB |
2
docs/assets/img/messengers/molly.svg
Normal file
2
docs/assets/img/messengers/molly.svg
Normal file
@ -0,0 +1,2 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="127.99" height="128" version="1.1" viewBox="0 0 33.864 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(-48.383 -89.279)"><g transform="matrix(.083544 0 0 .083551 36.799 77.694)"><path d="m220.51 504.06 120.82 39.937 1.2e-4 4e-5 -143.92-5e-5zm323.49-162.73c0 111.93-90.737 202.67-202.67 202.67-111.93-1e-5 -202.67-90.737-202.67-202.67s90.737-202.67 202.67-202.67c111.93 0 202.67 90.737 202.67 202.67z" fill="#7663f0"/><g transform="translate(-5.1601e-6,-4.0973)"><circle cx="341" cy="433.47" r="23.536" fill="#f9f8fe" stroke-width=".64448"/><circle cx="439.19" cy="375.64" r="23.536" fill="#aaa4ce" stroke-width=".64448"/><circle cx="242.81" cy="375.64" r="23.536" fill="#cba1fe" stroke-width=".64447"/><g stroke-width=".64448"><circle cx="439.19" cy="433.47" r="23.536" fill="#f9f8fe"/><circle cx="439.19" cy="317.82" r="23.536" fill="#aacdf4"/><circle cx="242.81" cy="260" r="23.536" fill="#4b0f9f"/></g><circle cx="242.81" cy="317.82" r="23.536" fill="#aaa4ce" stroke-width=".64447"/><g stroke-width=".64448"><circle cx="242.81" cy="433.47" r="23.536" fill="#f9f8fe"/><circle cx="341" cy="317.82" r="23.536" fill="#4b0f9f"/><circle cx="341" cy="375.64" r="23.536" fill="#aacdf4"/></g><circle cx="439.19" cy="260" r="23.536" fill="#4b0f9f" stroke-width=".64447"/></g></g></g></svg>
|
||||
|
After Width: | Height: | Size: 1.3 KiB |
@ -1,8 +1 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg id="vector" version="1.1" viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg">
|
||||
<g id="group" transform="matrix(2.5666 0 0 2.5666 -73.625 -74.595)">
|
||||
<path id="path" d="m28.686 54c0-6.611 2.629-12.958 7.304-17.632 4.674-4.675 11.021-7.304 17.632-7.304s12.958 2.629 17.633 7.304c4.674 4.674 7.303 11.021 7.303 17.632s-2.629 12.958-7.303 17.632c-4.675 4.675-11.022 7.304-17.633 7.304s-12.958-2.629-17.632-7.304c-4.675-4.674-7.304-11.021-7.304-17.632" fill="#fff"/>
|
||||
<path d="m48.42 40.201v21.793h21.795v-21.793zm2.8184 2.8184h16.156v11.051l-4.1621-4.0703-4.9883 5.3047-3.1465-3.0469-3.8594 4.1738zm6.4609 1.9727c-1.1964 0.01026-2.4063 1.0128-2.334 2.2812-0.0012 0.186 0.02158 0.37225 0.06641 0.55273 0.27682 1.4976 2.226 2.1821 3.4512 1.3633 1.3815-0.81242 1.3037-3.0455-0.04102-3.8496-0.34791-0.2441-0.74378-0.35108-1.1426-0.34766z" fill="#009688"/>
|
||||
<path d="m43.2 48.735c-0.807 0-1.461-0.654-1.461-1.461v-6.667c0-3.679 2.993-6.673 6.672-6.673s6.7339 2.5864 6.7339 6.2654l-2.9045 0.01627c0-2.068-1.7614-3.3587-3.8294-3.3587s-3.75 1.682-3.75 3.75v6.667c0 0.807-0.654 1.461-1.461 1.461zm0-6.787-7.013 6.818v20.141h14.026v-20.141zm0 7.429c-1.143 0-2.07-0.927-2.07-2.07s0.927-2.07 2.07-2.07 2.07 0.927 2.07 2.07-0.927 2.07-2.07 2.07z" fill="#00675b"/>
|
||||
</g>
|
||||
</svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" id="vector" version="1.1" viewBox="0 0 128 128"><g id="group" transform="matrix(2.5666 0 0 2.5666 -73.625 -74.595)"><path id="path" fill="#fff" d="m28.686 54c0-6.611 2.629-12.958 7.304-17.632 4.674-4.675 11.021-7.304 17.632-7.304s12.958 2.629 17.633 7.304c4.674 4.674 7.303 11.021 7.303 17.632s-2.629 12.958-7.303 17.632c-4.675 4.675-11.022 7.304-17.633 7.304s-12.958-2.629-17.632-7.304c-4.675-4.674-7.304-11.021-7.304-17.632"/><path fill="#009688" d="m48.42 40.201v21.793h21.795v-21.793zm2.8184 2.8184h16.156v11.051l-4.1621-4.0703-4.9883 5.3047-3.1465-3.0469-3.8594 4.1738zm6.4609 1.9727c-1.1964 0.01026-2.4063 1.0128-2.334 2.2812-0.0012 0.186 0.02158 0.37225 0.06641 0.55273 0.27682 1.4976 2.226 2.1821 3.4512 1.3633 1.3815-0.81242 1.3037-3.0455-0.04102-3.8496-0.34791-0.2441-0.74378-0.35108-1.1426-0.34766z"/><path fill="#00675b" d="m43.2 48.735c-0.807 0-1.461-0.654-1.461-1.461v-6.667c0-3.679 2.993-6.673 6.672-6.673s6.7339 2.5864 6.7339 6.2654l-2.9045 0.01627c0-2.068-1.7614-3.3587-3.8294-3.3587s-3.75 1.682-3.75 3.75v6.667c0 0.807-0.654 1.461-1.461 1.461zm0-6.787-7.013 6.818v20.141h14.026v-20.141zm0 7.429c-1.143 0-2.07-0.927-2.07-2.07s0.927-2.07 2.07-2.07 2.07 0.927 2.07 2.07-0.927 2.07-2.07 2.07z"/></g></svg>
|
||||
|
Before Width: | Height: | Size: 1.3 KiB After Width: | Height: | Size: 1.2 KiB |
@ -1,2 +1 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="a" x1="31.064" x2="45.126" y1="56.825" y2="56.825" gradientTransform="scale(1.0331 .96797)" gradientUnits="userSpaceOnUse"><stop stop-color="#FFF" offset="0"/><stop stop-color="#F4F4F4" offset="1"/></linearGradient></defs><g transform="matrix(.43756 0 0 .43756 1.2096 2.8221)" fill="none" fill-rule="evenodd"><circle cx="32.25" cy="32.25" r="32.25" stroke="#a4a7ad" stroke-width="5.529"/><circle cx="69.106" cy="61.735" r="5.529" fill="#a4a7ad" fill-rule="nonzero"/><path d="m52.142 26.87-1.448-3.855 1.006-2.215a0.747 0.747 0 0 0-0.157-0.84l-2.736-2.715a4.483 4.483 0 0 0-4.591-1.047l-0.765 0.26-3.997-4.48h-14.697l-3.945 4.534-0.744-0.257a4.494 4.494 0 0 0-4.635 1.058l-2.785 2.765a0.592 0.592 0 0 0-0.124 0.67l1.051 2.298-1.44 3.853 0.932 3.474 4.247 15.832a8.055 8.055 0 0 0 3.182 4.519s5.156 3.566 10.244 6.804c0.448 0.285 0.916 0.494 1.418 0.486 0.502 7e-3 0.97-0.201 1.416-0.487a377.05 377.05 0 0 0 10.236-6.817 8.07 8.07 0 0 0 3.177-4.523l4.227-15.84 0.928-3.478z" fill="#fb542b"/><path d="m47.622 27.635-0.066 0.206-0.105 0.37c-0.424 0.502-0.864 0.991-1.319 1.466l-4.082 4.255c-0.444 0.462-0.695 1.043-0.442 1.627l0.551 1.331c0.253 0.584 0.278 1.551 0.035 2.2a3.922 3.922 0 0 1-1.227 1.689l-0.426 0.34c-0.503 0.402-1.393 0.507-1.979 0.234l-1.88-0.874a9.75 9.75 0 0 1-1.941-1.268l-1.779-1.568a0.798 0.798 0 0 1-0.044-1.162l4.333-2.865c0.537-0.355 0.821-1.012 0.516-1.573l-1.54-2.747c-0.306-0.56-0.428-1.305-0.272-1.655s0.78-0.82 1.387-1.045l5.029-1.832c0.606-0.225 0.574-0.457-0.072-0.517l-3.213-0.234c-0.646-0.06-1.12 0.032-1.744 0.203l-2.432 0.59c-0.625 0.171-0.757 0.822-0.64 1.446l1.004 5.334c0.117 0.624 0.175 1.253 0.128 1.398-0.047 0.144-0.603 0.377-1.236 0.518l-0.831 0.184c-0.633 0.141-1.669 0.147-2.303 0.015l-1.006-0.21c-0.635-0.132-1.192-0.359-1.239-0.503-0.048-0.144 9e-3 -0.774 0.127-1.398l0.997-5.335c0.117-0.624-0.016-1.275-0.641-1.445l-2.433-0.587c-0.624-0.17-1.098-0.26-1.744-0.201l-3.213 0.237c-0.646 0.06-0.678 0.292-0.071 0.517l5.031 1.826c0.607 0.224 1.231 0.694 1.388 1.044s0.035 1.094-0.269 1.654l-1.538 2.749c-0.304 0.56-0.019 1.217 0.519 1.572l4.336 2.861a0.799 0.799 0 0 1-0.042 1.162l-1.778 1.57c-0.594 0.5-1.245 0.926-1.94 1.27l-1.878 0.877c-0.586 0.273-1.476 0.169-1.979-0.231l-0.426-0.34a3.98 3.98 0 0 1-1.25-1.741c-0.223-0.596-0.2-1.562 0.052-2.147l0.55-1.331c0.252-0.585 1e-3 -1.165-0.444-1.627l-4.087-4.25a31.971 31.971 0 0 1-1.32-1.464l-0.106-0.37-0.066-0.207c-7e-3 -0.238 0.08-0.995 0.179-1.2 0.098-0.204 0.476-0.802 0.839-1.328l0.874-1.268c0.364-0.526 0.991-1.362 1.395-1.86l1.282-1.574c0.404-0.496 0.749-0.9 0.801-0.897 2e-3 -3e-3 0.525 0.093 1.162 0.212l1.942 0.365c0.636 0.12 1.339 0.251 1.561 0.292 0.221 0.041 0.908-0.085 1.525-0.281l1.396-0.443c0.687-0.216 1.38-0.407 2.08-0.575l0.489 7e-3 0.488-7e-3c0.7 0.166 1.393 0.357 2.08 0.571l1.398 0.442c0.617 0.195 1.303 0.321 1.525 0.28l1.288-0.243 0.272-0.052 1.942-0.367c0.636-0.12 1.159-0.216 1.197-0.213 0.017-3e-3 0.361 0.4 0.766 0.897l1.284 1.572c0.486 0.604 0.952 1.224 1.398 1.858l0.876 1.266c0.363 0.526 0.931 1.482 0.967 1.7 0.036 0.217 0.06 0.59 0.054 0.827zm-15.271 12.696c0.057 0 0.594 0.198 1.193 0.441l0.556 0.226c0.599 0.243 1.563 0.677 2.141 0.964l1.64 0.816c0.578 0.287 0.62 0.825 0.092 1.195l-1.399 0.98c-0.633 0.45-1.247 0.926-1.842 1.426l-0.465 0.397-1.3 1.111c-0.484 0.415-1.269 0.416-1.744 6e-3 -0.58-0.502-1.163-1.001-1.749-1.497a28.88 28.88 0 0 0-1.847-1.414l-1.394-0.964c-0.53-0.367-0.493-0.907 0.082-1.2l1.649-0.841c0.7-0.351 1.412-0.677 2.135-0.977l0.556-0.226c0.598-0.243 1.135-0.443 1.192-0.443z" fill="url(#a)"/></g></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><defs><linearGradient id="a" x1="31.064" x2="45.126" y1="56.825" y2="56.825" gradientTransform="scale(1.0331 .96797)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#FFF"/><stop offset="1" stop-color="#F4F4F4"/></linearGradient></defs><g fill="none" fill-rule="evenodd" transform="matrix(.43756 0 0 .43756 1.2096 2.8221)"><circle cx="32.25" cy="32.25" r="32.25" stroke="#a4a7ad" stroke-width="5.529"/><circle cx="69.106" cy="61.735" r="5.529" fill="#a4a7ad" fill-rule="nonzero"/><path fill="#fb542b" d="m52.142 26.87-1.448-3.855 1.006-2.215a0.747 0.747 0 0 0-0.157-0.84l-2.736-2.715a4.483 4.483 0 0 0-4.591-1.047l-0.765 0.26-3.997-4.48h-14.697l-3.945 4.534-0.744-0.257a4.494 4.494 0 0 0-4.635 1.058l-2.785 2.765a0.592 0.592 0 0 0-0.124 0.67l1.051 2.298-1.44 3.853 0.932 3.474 4.247 15.832a8.055 8.055 0 0 0 3.182 4.519s5.156 3.566 10.244 6.804c0.448 0.285 0.916 0.494 1.418 0.486 0.502 7e-3 0.97-0.201 1.416-0.487a377.05 377.05 0 0 0 10.236-6.817 8.07 8.07 0 0 0 3.177-4.523l4.227-15.84 0.928-3.478z"/><path fill="url(#a)" d="m47.622 27.635-0.066 0.206-0.105 0.37c-0.424 0.502-0.864 0.991-1.319 1.466l-4.082 4.255c-0.444 0.462-0.695 1.043-0.442 1.627l0.551 1.331c0.253 0.584 0.278 1.551 0.035 2.2a3.922 3.922 0 0 1-1.227 1.689l-0.426 0.34c-0.503 0.402-1.393 0.507-1.979 0.234l-1.88-0.874a9.75 9.75 0 0 1-1.941-1.268l-1.779-1.568a0.798 0.798 0 0 1-0.044-1.162l4.333-2.865c0.537-0.355 0.821-1.012 0.516-1.573l-1.54-2.747c-0.306-0.56-0.428-1.305-0.272-1.655s0.78-0.82 1.387-1.045l5.029-1.832c0.606-0.225 0.574-0.457-0.072-0.517l-3.213-0.234c-0.646-0.06-1.12 0.032-1.744 0.203l-2.432 0.59c-0.625 0.171-0.757 0.822-0.64 1.446l1.004 5.334c0.117 0.624 0.175 1.253 0.128 1.398-0.047 0.144-0.603 0.377-1.236 0.518l-0.831 0.184c-0.633 0.141-1.669 0.147-2.303 0.015l-1.006-0.21c-0.635-0.132-1.192-0.359-1.239-0.503-0.048-0.144 9e-3 -0.774 0.127-1.398l0.997-5.335c0.117-0.624-0.016-1.275-0.641-1.445l-2.433-0.587c-0.624-0.17-1.098-0.26-1.744-0.201l-3.213 0.237c-0.646 0.06-0.678 0.292-0.071 0.517l5.031 1.826c0.607 0.224 1.231 0.694 1.388 1.044s0.035 1.094-0.269 1.654l-1.538 2.749c-0.304 0.56-0.019 1.217 0.519 1.572l4.336 2.861a0.799 0.799 0 0 1-0.042 1.162l-1.778 1.57c-0.594 0.5-1.245 0.926-1.94 1.27l-1.878 0.877c-0.586 0.273-1.476 0.169-1.979-0.231l-0.426-0.34a3.98 3.98 0 0 1-1.25-1.741c-0.223-0.596-0.2-1.562 0.052-2.147l0.55-1.331c0.252-0.585 1e-3 -1.165-0.444-1.627l-4.087-4.25a31.971 31.971 0 0 1-1.32-1.464l-0.106-0.37-0.066-0.207c-7e-3 -0.238 0.08-0.995 0.179-1.2 0.098-0.204 0.476-0.802 0.839-1.328l0.874-1.268c0.364-0.526 0.991-1.362 1.395-1.86l1.282-1.574c0.404-0.496 0.749-0.9 0.801-0.897 2e-3 -3e-3 0.525 0.093 1.162 0.212l1.942 0.365c0.636 0.12 1.339 0.251 1.561 0.292 0.221 0.041 0.908-0.085 1.525-0.281l1.396-0.443c0.687-0.216 1.38-0.407 2.08-0.575l0.489 7e-3 0.488-7e-3c0.7 0.166 1.393 0.357 2.08 0.571l1.398 0.442c0.617 0.195 1.303 0.321 1.525 0.28l1.288-0.243 0.272-0.052 1.942-0.367c0.636-0.12 1.159-0.216 1.197-0.213 0.017-3e-3 0.361 0.4 0.766 0.897l1.284 1.572c0.486 0.604 0.952 1.224 1.398 1.858l0.876 1.266c0.363 0.526 0.931 1.482 0.967 1.7 0.036 0.217 0.06 0.59 0.054 0.827zm-15.271 12.696c0.057 0 0.594 0.198 1.193 0.441l0.556 0.226c0.599 0.243 1.563 0.677 2.141 0.964l1.64 0.816c0.578 0.287 0.62 0.825 0.092 1.195l-1.399 0.98c-0.633 0.45-1.247 0.926-1.842 1.426l-0.465 0.397-1.3 1.111c-0.484 0.415-1.269 0.416-1.744 6e-3 -0.58-0.502-1.163-1.001-1.749-1.497a28.88 28.88 0 0 0-1.847-1.414l-1.394-0.964c-0.53-0.367-0.493-0.907 0.082-1.2l1.649-0.841c0.7-0.351 1.412-0.677 2.135-0.977l0.556-0.226c0.598-0.243 1.135-0.443 1.192-0.443z"/></g></svg>
|
||||
|
Before Width: | Height: | Size: 3.6 KiB After Width: | Height: | Size: 3.6 KiB |
@ -1,2 +1 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><clipPath id="SVGID_00000142168627081468672430000006527680084326249886_"><use xlink:href="#SVGID_1_"/></clipPath><linearGradient id="SVGID_00000088853459014864040730000009902632102805990829_" x1="536.6" x2="292.94" y1="1113.2" y2="64.084" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#24ECC6" stop-opacity="0" offset=".4799"/><stop stop-color="#24ECC6" offset=".9944"/></linearGradient><linearGradient id="SVGID_00000075863372972845837890000016599907698185993344_" x1="759.68" x2="219.42" y1="79.312" y2="1003.2" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#ABFFEF" offset=".066012"/><stop stop-color="#CAC9FF" offset=".4499"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><rect id="SVGID_1_" width="862" height="787"/></defs><g transform="matrix(.039294 0 0 .039294 3.7235e-7 1.4686)"><clipPath><use xlink:href="#SVGID_1_"/></clipPath><g clip-path="url(#SVGID_00000142168627081468672430000006527680084326249886_)"><path class="st1" d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.1c-72.7-8.3-124.4 68.9-89.1 132.9z" clip-rule="evenodd" fill="#6851f6" fill-rule="evenodd"/><path d="m346.3 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.2c-72.7-8.3-124.4 68.9-89 132.9z" clip-rule="evenodd" fill="url(#SVGID_00000088853459014864040730000009902632102805990829_)" fill-rule="evenodd"/><path d="m396.4 638.7-30.8 46.3c-12.5 18.7-40.4 17.6-51.2-2.1l31.7 57.5c5.7 10.2 12.8 18.8 21.1 25.7 39.3 33 102.2 27.1 133-19.8l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.5-78.2c-72.7-8.4-124.4 68.9-89.1 132.9l2.7 4.9 580.1 67.1c37 4.3 56.5 46 36 77.1z" fill="url(#SVGID_00000075863372972845837890000016599907698185993344_)"/></g></g></svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><defs><clipPath id="SVGID_00000142168627081468672430000006527680084326249886_"><use xlink:href="#SVGID_1_"/></clipPath><linearGradient id="SVGID_00000088853459014864040730000009902632102805990829_" x1="536.6" x2="292.94" y1="1113.2" y2="64.084" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop offset=".48" stop-color="#24ECC6" stop-opacity="0"/><stop offset=".994" stop-color="#24ECC6"/></linearGradient><linearGradient id="SVGID_00000075863372972845837890000016599907698185993344_" x1="759.68" x2="219.42" y1="79.312" y2="1003.2" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop offset=".066" stop-color="#ABFFEF"/><stop offset=".45" stop-color="#CAC9FF"/><stop offset="1" stop-color="#6D4AFF"/></linearGradient><rect id="SVGID_1_" width="862" height="787"/></defs><g transform="matrix(.039294 0 0 .039294 3.7235e-7 1.4686)"><clipPath><use xlink:href="#SVGID_1_"/></clipPath><g clip-path="url(#SVGID_00000142168627081468672430000006527680084326249886_)"><path fill="#6851f6" fill-rule="evenodd" d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.1c-72.7-8.3-124.4 68.9-89.1 132.9z" class="st1" clip-rule="evenodd"/><path fill="url(#SVGID_00000088853459014864040730000009902632102805990829_)" fill-rule="evenodd" d="m346.3 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.2c-72.7-8.3-124.4 68.9-89 132.9z" clip-rule="evenodd"/><path fill="url(#SVGID_00000075863372972845837890000016599907698185993344_)" d="m396.4 638.7-30.8 46.3c-12.5 18.7-40.4 17.6-51.2-2.1l31.7 57.5c5.7 10.2 12.8 18.8 21.1 25.7 39.3 33 102.2 27.1 133-19.8l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.5-78.2c-72.7-8.4-124.4 68.9-89.1 132.9l2.7 4.9 580.1 67.1c37 4.3 56.5 46 36 77.1z"/></g></g></svg>
|
||||
|
Before Width: | Height: | Size: 2.0 KiB After Width: | Height: | Size: 1.9 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 12 KiB |
@ -1,15 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE svg PUBLIC '-//W3C//DTD SVG 1.1//EN' 'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'>
|
||||
<svg clip-rule="evenodd" fill-rule="evenodd" stroke-linejoin="round" stroke-miterlimit="2" version="1.1" viewBox="0 0 33 34" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<path d="m4.581 4.337c-0.113 0.379-0.049 0.822 0.077 1.707l1.604 11.224c0.277 1.939 0.415 2.909 0.782 3.775 0.325 0.768 0.781 1.474 1.346 2.087 0.638 0.691 1.465 1.217 3.117 2.269l2.349 1.495c1.126 0.716 1.69 1.075 2.295 1.214 0.465 0.108 0.947 0.121 1.416 0.042-0.388-0.887-0.603-1.867-0.603-2.897 0-3.996 3.24-7.236 7.236-7.236 1.166 0 2.268 0.276 3.243 0.766 0.069-0.432 0.14-0.929 0.223-1.514v-1e-3l1.604-11.224c0.126-0.885 0.19-1.328 0.077-1.707-0.099-0.334-0.292-0.632-0.557-0.859-0.3-0.257-0.73-0.38-1.59-0.626l-9.441-2.697c-0.296-0.085-0.444-0.127-0.594-0.144-0.134-0.015-0.268-0.015-0.402 0-0.15 0.017-0.298 0.059-0.594 0.144l-9.441 2.697c-0.86 0.246-1.29 0.369-1.59 0.626-0.265 0.227-0.458 0.525-0.557 0.859z" fill="#ffd06f"/>
|
||||
<clipPath id="_clip1">
|
||||
<path d="m4.581 4.337c-0.113 0.379-0.049 0.822 0.077 1.707l1.604 11.224c0.277 1.939 0.415 2.909 0.782 3.775 0.325 0.768 0.781 1.474 1.346 2.087 0.638 0.691 1.465 1.217 3.117 2.269l2.349 1.495c1.126 0.716 1.69 1.075 2.295 1.214 0.465 0.108 0.947 0.121 1.416 0.042-0.388-0.887-0.603-1.867-0.603-2.897 0-3.996 3.24-7.236 7.236-7.236 1.166 0 2.268 0.276 3.243 0.766 0.069-0.432 0.14-0.929 0.223-1.514v-1e-3l1.604-11.224c0.126-0.885 0.19-1.328 0.077-1.707-0.099-0.334-0.292-0.632-0.557-0.859-0.3-0.257-0.73-0.38-1.59-0.626l-9.441-2.697c-0.296-0.085-0.444-0.127-0.594-0.144-0.134-0.015-0.268-0.015-0.402 0-0.15 0.017-0.298 0.059-0.594 0.144l-9.441 2.697c-0.86 0.246-1.29 0.369-1.59 0.626-0.265 0.227-0.458 0.525-0.557 0.859z"/>
|
||||
</clipPath>
|
||||
<g clip-path="url(#_clip1)">
|
||||
<use transform="scale(.99533 .97244)" x="4.544" width="24.883px" height="28.201px" xlink:href="#_Image2"/>
|
||||
</g>
|
||||
<path d="m13.246 2.719c0.066-7e-3 0.134-7e-3 0.201 0 0.057 7e-3 0.122 0.022 0.446 0.114l9.44 2.698c0.444 0.126 0.727 0.208 0.94 0.287 0.202 0.075 0.274 0.124 0.311 0.156 0.132 0.113 0.229 0.262 0.278 0.429 0.014 0.047 0.03 0.133 0.016 0.348-0.015 0.226-0.056 0.518-0.122 0.974l-1.346 9.426c-4.125 0.397-7.351 3.873-7.351 8.102 0 0.835 0.126 1.641 0.36 2.4l-0.451 0.286c-1.183 0.753-1.594 1.001-2.012 1.097-0.401 0.092-0.818 0.092-1.22 0-0.417-0.096-0.829-0.344-2.012-1.097l-2.349-1.494c-1.693-1.078-2.398-1.535-2.938-2.12-0.495-0.536-0.894-1.153-1.178-1.825-0.31-0.733-0.436-1.564-0.72-3.551l-1.603-11.224c-0.066-0.456-0.107-0.748-0.121-0.974-0.015-0.215 1e-3 -0.301 0.015-0.348 0.05-0.167 0.146-0.316 0.279-0.429 0.036-0.032 0.109-0.081 0.31-0.156 0.213-0.079 0.496-0.161 0.94-0.287l9.44-2.698c0.324-0.092 0.389-0.107 0.447-0.114zm13.306 5.231-1.318 9.228c4.007 0.508 7.106 3.93 7.106 8.075 0 4.496-3.644 8.141-8.14 8.141-3.01 0-5.639-1.634-7.048-4.064l-0.212 0.136-0.135 0.085c-0.996 0.634-1.683 1.072-2.443 1.248-0.668 0.154-1.364 0.154-2.032 0-0.76-0.176-1.447-0.614-2.443-1.248l-0.134-0.085-2.466-1.57c-1.541-0.98-2.461-1.565-3.179-2.344-0.637-0.689-1.149-1.483-1.515-2.347-0.413-0.976-0.567-2.054-0.825-3.863l-1.628-11.392c-0.059-0.416-0.111-0.778-0.131-1.081-0.021-0.323-0.012-0.648 0.087-0.98 0.148-0.501 0.439-0.949 0.835-1.289 0.264-0.226 0.557-0.366 0.86-0.478 0.285-0.106 0.636-0.206 1.04-0.322l0.031-9e-3 9.44-2.697 0.05-0.014c0.247-0.071 0.465-0.133 0.693-0.159 0.2-0.022 0.402-0.022 0.603 0 0.227 0.026 0.445 0.088 0.692 0.159l0.05 0.014 9.471 2.706c0.404 0.116 0.755 0.216 1.04 0.322 0.304 0.112 0.596 0.252 0.86 0.478 0.397 0.34 0.687 0.788 0.835 1.289 0.099 0.332 0.108 0.657 0.087 0.98-0.02 0.303-0.072 0.665-0.131 1.08v1e-3zm-2.352 10.972c-3.497 0-6.332 2.835-6.332 6.331 0 3.497 2.835 6.332 6.332 6.332s6.331-2.835 6.331-6.332c0-3.496-2.834-6.331-6.331-6.331zm4.313 4.197c0.319-0.384 0.268-0.954-0.116-1.274s-0.954-0.268-1.274 0.116l-3.888 4.666-2.013-2.013c-0.354-0.353-0.926-0.353-1.28 0-0.353 0.353-0.353 0.926 0 1.279l2.714 2.713c0.18 0.18 0.427 0.276 0.68 0.264 0.254-0.011 0.492-0.129 0.654-0.324l4.523-5.427zm-19.689-10.529c0-2.497 2.024-4.522 4.522-4.522s4.522 2.025 4.522 4.522c0 1.48-0.71 2.794-1.809 3.619v3.617c0 1.499-1.214 2.714-2.713 2.714s-2.713-1.215-2.713-2.714v-3.617c-1.099-0.825-1.809-2.139-1.809-3.619zm5.426 4.523h-1.808v2.713c0 0.5 0.405 0.905 0.904 0.905 0.5 0 0.904-0.405 0.904-0.905v-2.713zm-0.904-1.809c1.499 0 2.713-1.215 2.713-2.714 0-1.498-1.214-2.713-2.713-2.713s-2.713 1.215-2.713 2.713c0 1.499 1.214 2.714 2.713 2.714z" fill="#28323f"/>
|
||||
<defs>
|
||||
<image id="_Image2" width="25px" height="29px" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABkAAAAdCAYAAABfeMd1AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAa0lEQVRIiWP8U1b2n4HGgInWFgwvS1gYhOhgCbMp7S0ZPnFCp4gXpYclivSwhA4BNowi/vBzZtpbsuUBK80tGT5xQqcc/y6UDpZ806G5JcMoThj/07xFxMBid+sE7S1h+/ub5pYMn4iniyUAs5sPQ3yZHVsAAAAASUVORK5CYII="/>
|
||||
</defs>
|
||||
</svg>
|
||||
|
Before Width: | Height: | Size: 4.9 KiB |
@ -59,5 +59,3 @@ Even when you are able to delete an account, there is no guarantee that all your
|
||||
## Avoid New Accounts
|
||||
|
||||
As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you!
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -38,7 +38,7 @@ To minimize the potential damage that a malicious piece of software can do, you
|
||||
|
||||
Mobile operating systems are generally safer than desktop operating systems when it comes to application sandboxing. Apps cannot obtain root access and only have access to system resources which you grant them.
|
||||
|
||||
Desktop operating systems generally lag behind on proper sandboxing. Chrome OS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of virtual machines or containers, such as Qubes OS.
|
||||
Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of virtual machines or containers, such as Qubes OS.
|
||||
|
||||
<span class="pg-red">:material-target-account: Targeted Attacks</span>
|
||||
|
||||
@ -171,7 +171,7 @@ So, how might this look?
|
||||
|
||||
One of the clearest threat models is one where people *know who you are* and one where they do not. There will always be situations where you must declare your legal name and places where you can get away without doing so.
|
||||
|
||||
1. **Known identity** - A known identity is used for things where you must declare your name. There are many such legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, a customs declaration when importing an item or otherwise dealing with your Government. These things will usually always lead back credentials such as credit cards, credit rating checks, account numbers and possibly physical addresses.
|
||||
1. **Known identity** - A known identity is used for things where you must declare your name. There are many such legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, a customs declaration when importing an item or otherwise dealing with your Government. These things will usually lead back credentials such as credit cards, credit rating checks, account numbers and possibly physical addresses.
|
||||
|
||||
We don't suggest using a VPN or Tor for any of these things as your identity is already known through other means.
|
||||
|
||||
|
||||
@ -304,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a
|
||||
It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps.
|
||||
|
||||
This feature does come at a privacy cost, as it tells the DNS server some information about the client's location.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -38,5 +38,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
|
||||
### Why Can't Metadata be E2EE?
|
||||
|
||||
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
title: "Multifactor Authentication"
|
||||
title: "Multi-factor Authentication"
|
||||
icon: 'material/two-factor-authentication'
|
||||
---
|
||||
**Multifactor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
|
||||
**Multi-factor authentication** is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
|
||||
|
||||
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
|
||||
|
||||
@ -40,7 +40,7 @@ Although not perfect, TOTP is secure enough for most people, and when [hardware
|
||||
|
||||
The YubiKey stores data on a tamper-resistant solid-state chip which is [impossible to access](https://security.stackexchange.com/a/245772) non-destructively without an expensive process and a forensics laboratory.
|
||||
|
||||
These keys are generally multifunction and provide a number of methods to authenticate. Below are the most common ones.
|
||||
These keys are generally multi-function and provide a number of methods to authenticate. Below are the most common ones.
|
||||
|
||||
#### Yubico OTP
|
||||
|
||||
@ -116,7 +116,7 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
|
||||
|
||||
## More Places to Set Up MFA
|
||||
|
||||
Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
|
||||
Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
|
||||
|
||||
### Windows
|
||||
|
||||
@ -156,10 +156,8 @@ SSH MFA could be set up using multiple different authentication methods that are
|
||||
|
||||
#### Time-based One-time Password (TOTP)
|
||||
|
||||
SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up MultiFactor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.
|
||||
SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.
|
||||
|
||||
### KeePass (and KeePassXC)
|
||||
|
||||
KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -65,12 +65,12 @@ Tor allows us to connect to a server without any single party knowing the entire
|
||||
|
||||
Though Tor does provide strong privacy guarantees, one must be aware that Tor is not perfect:
|
||||
|
||||
- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis. Nor Tor does not protect you from exposing yourself by mistake, such as if you share to much information about your real identity.
|
||||
- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis. Nor does Tor protect you from exposing yourself by mistake, such as if you share too much information about your real identity.
|
||||
- Tor exit nodes can also monitor traffic that passes through them. This means traffic which is not encrypted, such as plain HTTP traffic, can be recorded and monitored. If such traffic contains personally identifiable information, then it can deanonymize you to that exit node. Thus, we recommend using HTTPS over Tor where possible.
|
||||
|
||||
If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting.
|
||||
|
||||
- [Browsers: Tor Browser :hero-arrow-circle-right-fill:](../browsers.md#tor-browser)
|
||||
- [Browsers: Tor Browser :hero-arrow-circle-right-fill:](../desktop-browsers.md#tor-browser)
|
||||
|
||||
## Additional Resources
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@ By using a VPN with Tor, you're creating essentially a permanent entry node, oft
|
||||
|
||||
VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
|
||||
|
||||
## What about VPN providers that provides Tor nodes?
|
||||
## What about VPN providers that provide Tor nodes?
|
||||
|
||||
Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
|
||||
|
||||
@ -69,5 +69,3 @@ For use cases like these, or if you have another compelling reason, the VPN prov
|
||||
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
|
||||
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
|
||||
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
Submodule docs/blog deleted from a286f2432c
56
docs/blog/2021/09/14/welcome-to-privacy-guides.md
Normal file
56
docs/blog/2021/09/14/welcome-to-privacy-guides.md
Normal file
@ -0,0 +1,56 @@
|
||||
---
|
||||
title: Welcome to Privacy Guides
|
||||
created: "2021-09-14"
|
||||
author: 'Jonah'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.
|
||||
|
||||
As we [announced](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and [growing](http://www.thedarksideof.io/) [issues](https://fortune.com/2020/08/31/crypto-fraud-io-domain-chagos-islands-uk-colonialism-cryptocurrency/) [with the .IO top-level domain](https://github.com/privacytools/privacytools.io/issues/1324). As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to [www.privacyguides.org](https://www.privacyguides.org/), and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
|
||||
|
||||
We chose the name Privacy Guides because it represents two things for us as an organization: An expansion beyond simple recommendation lists, and a goal of acting as the trusted guides to anyone newly learning about protecting their personal data.
|
||||
|
||||
As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more _education_ — rather than _direction_ — surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](https://www.privacyguides.org/basics/threat-modeling/), or our [VPN](https://www.privacyguides.org/vpn) and [Email Provider](https://www.privacyguides.org/email) recommendations, but this is just the start of what we eventually hope to accomplish.
|
||||
|
||||
## Website Development
|
||||
|
||||
Our project has always been community-oriented and open-sourced. The source code for PrivacyTools is currently archived at [https://github.com/privacytools/privacytools.io](https://github.com/privacytools/privacytools.io). This repository will remain online as an archive of everything on PrivacyTools up to this transition.
|
||||
|
||||
The source code for our new website is available at [https://github.com/privacyguides/privacyguides.org](https://github.com/privacyguides/privacyguides.org). All updates from PrivacyTools have been merged into this new repository, and this is where all future work will take place.
|
||||
|
||||
## Services
|
||||
|
||||
PrivacyTools also runs a number of online services in use by many users. Some of these services are federated, namely Mastodon, Matrix, and PeerTube. Due to the technical nature of federation, it is impossible for us to change the domain name on these services, and because we cannot guarantee the future of the privacytools.io domain name we will be shutting down these services in the coming months.
|
||||
|
||||
We strongly urge users of these services to migrate to alternative providers in the near future. We hope that we will be able to provide enough time to make this as seamless of a transition as possible for our users.
|
||||
|
||||
At this time we do not plan on launching public Matrix, Mastodon, or PeerTube instances under the Privacy Guides domain. Any users affected by this transition can get in touch with [@jonah:aragon.sh](https://matrix.to/#/@jonah:aragon.sh) on Matrix if any assistance is needed.
|
||||
|
||||
Other services being operated by PrivacyTools currently will be discontinued. This includes Searx, WriteFreely, and GhostBin.
|
||||
|
||||
Our future direction for online services is uncertain, but will be a longer-term discussion within our community after our work is complete on this initial transition. We are very aware that whatever direction we move from here will have to be done in a way that is sustainable in the very long term.
|
||||
|
||||
## r/PrivacyGuides
|
||||
|
||||
PrivacyTools has a sizable community on Reddit, but to ensure a unified image we have created a new Subreddit at [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/) that we encourage all Reddit users to join.
|
||||
|
||||
In the coming weeks our current plan is to wind down discussions on r/privacytoolsIO. We will be opening r/PrivacyGuides to lots of the discussions most people are used to shortly, but encouraging general “privacy news” or headline-type posts to be posted on [r/Privacy](https://www.reddit.com/r/privacy/) instead. In our eyes, r/Privacy is the “who/what/when/where” of the privacy community on Reddit, the best place to find the latest news and information; while r/PrivacyGuides is the “how”: a place to share and discuss tools, tips, tricks, and other advice. We think focusing on these strong points will serve to strengthen both communities, and we hope the good moderators of r/Privacy agree 🙂
|
||||
|
||||
## Final Thoughts
|
||||
|
||||
The former active team at PrivacyTools universally agrees on this direction towards Privacy Guides, and will be working exclusively on Privacy Guides rather than any “PrivacyTools” related projects. We intend to redirect PriavcyTools to new Privacy Guides properties for as long as possible, and archive existing PrivacyTools work as a pre-transition snapshot.
|
||||
|
||||
Privacy Guides additionally welcomes back PrivacyTools’ former sysadmin [Jonah](https://twitter.com/JonahAragon), who will be joining the project’s leadership team.
|
||||
|
||||
We are not accepting sponsorships or donations at this time, while we work out our financial plan. We will be in touch with existing sponsors on PrivacyTools’ OpenCollective to determine what the best way forward is soon.
|
||||
|
||||
We are all very excited about this new brand and direction, and hope to have your continued support through all of this. If you have any questions, concerns, or suggestions, please reach out to us. We are always happy to receive guidance and input from our community! ❤
|
||||
|
||||
---
|
||||
|
||||
**_Privacy Guides_** _is a socially motivated website that provides information for protecting your data security and privacy._
|
||||
|
||||
- [Join r/PrivacyGuides on Reddit](https://www.reddit.com/r/privacyguides)
|
||||
- [Follow @privacy_guides on Twitter](https://twitter.com/privacy_guides)
|
||||
- [Collaborate with us on GitHub](https://github.com/privacyguides/privacyguides.org)
|
||||
- [Join our chat on Matrix](https://matrix.to/#/#privacyguides:aragon.sh)
|
||||
BIN
docs/blog/2021/11/01/virtual-insanity.jpg
Normal file
BIN
docs/blog/2021/11/01/virtual-insanity.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 440 KiB |
30
docs/blog/2021/11/01/virtual-insanity.md
Normal file
30
docs/blog/2021/11/01/virtual-insanity.md
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
title: Virtual Insanity
|
||||
image: 'blog/2021/11/01/virtual-insanity.jpg'
|
||||
created: "2021-11-01"
|
||||
author: 'Freddy'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
Not so long ago, the world was predicting the end for Facebook. Now it is no more. Gone from the face of the planet – never to be seen again. Except it isn’t.
|
||||
|
||||
Facebook has not disappeared. No, not even the damning ‘Facebook Papers’ can shut it down. Mark Zuckerberg stood up on stage, and announced that it had changed its name to: Meta.
|
||||
|
||||
A key part of this new vision for the company is the idea of the metaverse. If it sounds like something out of a sci-fi movie or novel, that’s because it is. The term was first coined by author Neal Stephenson in his 1992 book _Snow Crash_. Zuckerberg’s only problem is that novel was dystopian. Here’s a brief snippet of Stephenson’s description of the metaverse:
|
||||
|
||||
> “Your avatar can look any way you want it to, up to the limitations of your equipment. If you’re ugly, you can make your avatar beautiful. If you’ve just gotten out of bed, your avatar can still be wearing beautiful clothes and professionally applied makeup. You can look like a gorilla or a dragon or a giant talking penis in the Metaverse. Spend five minutes walking down the Street and you will see all of these.”
|
||||
|
||||
In fairness, that doesn’t seem unlike the sort of content you see on Facebook today. Compare this to what Zuckerberg [wrote](https://about.fb.com/news/2021/10/founders-letter/) in his 2021 Founders Letter:
|
||||
|
||||
> “In this future, you will be able to teleport instantly as a hologram to be at the office without a commute, at a concert with friends, or in your parents’ living room to catch up. This will open up more opportunity no matter where you live. You’ll be able to spend more time on what matters to you, cut down time in traffic, and reduce your carbon footprint.”
|
||||
|
||||
The similarities are uncanny.
|
||||
|
||||
This wouldn’t be the first time that Facebook has been described as dystopian. One _Mashable_ article [called](https://mashable.com/article/facebook-dystopia) the social media giant ‘Orwellian and Huxleyan at the same time.’ Quite a feat.
|
||||
|
||||
The ‘Facebook Papers’ have some pretty shocking - though not entirely surprising - revelations as well. The leaked documents demonstrate the extent to which Facebook values engagement above all else (including a good experience). For instance, we learnt that the algorithm is [optimised](https://www.wired.com/story/facebook-transparency-biggest-sites-pages-links/) for low quality content, [prioritises](https://www.washingtonpost.com/technology/2021/10/26/facebook-angry-emoji-algorithm/) rage over happiness for profit, and [promotes](https://www.theatlantic.com/ideas/archive/2021/10/facebook-papers-democracy-election-zuckerberg/620478/) extremist content. Most alarming was that the firm [failed](https://apnews.com/article/the-facebook-papers-covid-vaccine-misinformation-c8bbc569be7cc2ca583dadb4236a0613) to reduce disinformation during the pandemic even when given the opportunity. Zuckerberg said no to this, presumably because it would reduce engagement and, in turn, Facebook’s advertising revenue.
|
||||
|
||||
Let’s not forget all Facebook’s previous scandals. From the Cambridge Analytica kerfuffle to [conducting](https://www.theregister.com/2014/06/29/researchers_mess_with_facebook_users_emotions/) manipulative social experiments in secret.
|
||||
|
||||
In light of this, the name change makes sense. It deceives you into thinking the company has evolved into a benevolent corporation, when it simply hasn’t. Zuckerberg would much prefer you to think about Meta as a playful universe where you can meet with friends across the globe in virtual reality. Where humans train themselves to sound like heavily discounted robots. Where Facebook is not a Horrid Company.
|
||||
|
||||
Despite all this: Meta _is_ Facebook, just worse. It doesn’t matter about the new name, the company has not changed. It will still be violating our privacy, daily, on an unprecedented scale. It will still be as reliably scandalous as a Carry On film. It will still be terrible. Plus it will have all the added claptrap of a sub-par holographic universe attached.
|
||||
60
docs/blog/2021/12/01/firefox-privacy-2021-update.md
Normal file
60
docs/blog/2021/12/01/firefox-privacy-2021-update.md
Normal file
@ -0,0 +1,60 @@
|
||||
---
|
||||
title: 'Firefox Privacy: 2021 Update'
|
||||
image: 'blog/2021/12/01/firefox-privacy-2021-update.png'
|
||||
created: "2021-12-01"
|
||||
author: 'Daniel'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.
|
||||
|
||||
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/browsers) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser _more_ unique.
|
||||
|
||||
#### Privacy Tweaks “about:config”
|
||||
|
||||
We’re no longer recommending that users set `about:config` switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki) and we use it ourselves.
|
||||
|
||||
#### LocalCDN and Decentraleyes
|
||||
|
||||
These extensions aren’t required with Total Cookie Protection (TCP), which is enabled if you’ve set Enhanced Tracking Protection (ETP) to **Strict**.
|
||||
|
||||
Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumeration of badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn’t help with most other third-party connections.
|
||||
|
||||
CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely used anyway.
|
||||
|
||||
#### NeatURLs and ClearURLS
|
||||
|
||||
Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origin’s [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam) feature.
|
||||
|
||||
#### HTTPS Everywhere
|
||||
|
||||
The EFF announced back in September they were [deprecating HTTPS-Everywhere](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) as most browsers now have an HTTPS-Only feature. We are pleased to see privacy features built into the browser and Firefox 91 introduced [HTTPS by Default in Private Browsing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/).
|
||||
|
||||
#### Multi Account Containers and Temporary Containers
|
||||
|
||||
Container extensions aren’t as important as they used to be for privacy now that we have [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/).
|
||||
|
||||
Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.
|
||||
|
||||
#### Just-In-Time Compilation (JIT)
|
||||
|
||||
What is “Disable JIT” in Bromite? This option disables the JavaScript performance feature [JIT](https://en.wikipedia.org/wiki/Just-in-time_compilation). It can increase security but at the cost of performance. Those trade-offs vary wildly and are explored in [this](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/) publication by Johnathan Norman from the Microsoft Edge team. This option is very much a security vs performance option.
|
||||
|
||||
#### Mozilla browsers on Android
|
||||
|
||||
We don’t recommend any Mozilla based browsers on Android. This is because we don’t feel that [GeckoView](https://mozilla.github.io/geckoview) is quite as secure as it could be as it doesn’t support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture), soon to be coming in desktop browsers or [isolated processes](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
|
||||
|
||||
We also noticed that there isn’t an option for [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218). The only way to get something similar is to install the [deprecated](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) extension [HTTPS Everywhere](https://www.eff.org/https-everywhere).
|
||||
|
||||
There are places which Firefox on Android shines for example browsing news websites where you may want to _partially_ load some JavaScript (but not all) using medium or hard [blocking mode](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The [reader view](https://support.mozilla.org/en-US/kb/view-articles-reader-view-firefox-android) is also pretty cool. We expect things will change in the future, so we’re keeping a close eye on this.
|
||||
|
||||
#### Fingerprinting
|
||||
|
||||
Firefox has the ability to block known third party [fingerprinting resources](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). Mozilla has [advanced protection](https://support.mozilla.org/kb/firefox-protection-against-fingerprinting) against fingerprinting (RFP is enabled with Arkenfox).
|
||||
|
||||
We do not recommend extensions that promise to change your [browser fingerprint](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/). Some of those extensions [are detectable](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) by websites through JavaScript and [CSS](https://hal.archives-ouvertes.fr/hal-03152176/file/style-fingerprinting-usenix.pdf) methods, particularly those which inject anything into the web content.
|
||||
|
||||
This includes **all** extensions that try to change the user agent or other browser behaviour to prevent fingerprinting. We see these often recommended on Reddit and would like to say that they will likely make you more unique and can be circumvented. Arkenfox has [a good list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-%EF%B8%8F-anti-fingerprinting-extensions-fk-no) of extensions you shouldn’t be using. They also have [another list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#small_orange_diamond-dont-bother) of extensions you needn’t bother with either. We also like to say testing sites which show you how unique you are in a set of users are often using hugely tainted results that are not indicative of real-world usage.
|
||||
|
||||
----------
|
||||
|
||||
_Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase.
|
||||
BIN
docs/blog/2021/12/01/firefox-privacy-2021-update.png
Normal file
BIN
docs/blog/2021/12/01/firefox-privacy-2021-update.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 1.1 MiB |
BIN
docs/blog/2022/04/04/move-fast-and-break-things.jpg
Normal file
BIN
docs/blog/2022/04/04/move-fast-and-break-things.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 358 KiB |
28
docs/blog/2022/04/04/move-fast-and-break-things.md
Normal file
28
docs/blog/2022/04/04/move-fast-and-break-things.md
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
title: '"Move Fast and Break Things"'
|
||||
image: 'blog/2022/04/04/move-fast-and-break-things.jpg'
|
||||
created: "2022-04-04"
|
||||
author: 'Freddy'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
Mark Zuckerberg does not look comfortable on stage. Yet, there he was proclaiming that “the future is private”. If someone has to tell you that they care about your privacy, they probably don’t.
|
||||
|
||||
For someone trying not to appear like a cartoon villain, Zuckerberg doesn’t do a great job. He gives the impression of some strange cyborg algorithmically attempting to impersonate human life. His movements are not quite robotic, but he lacks the charisma you might expect from one of the most powerful people on the planet. A _New Yorker_ [profile](https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy) of him revealed that he had an affinity for Emperor Augustus, an ancient Roman tyrant. ‘Through a really harsh approach, [Augustus] established two hundred years of world peace,’ he said.
|
||||
|
||||
It’s the first part of that sentence that is worrying.
|
||||
|
||||
Is this what Zuckerberg sees himself as: a modern-day emperor hellbent on using any means he can to gain world peace? Probably not, but it would have been reassuring if he just told us he liked doing Sudoku and dad-dancing with his daughter (interestingly named August).
|
||||
|
||||
The Zuck once [joked](https://www.esquire.com/uk/latest-news/a19490586/mark-zuckerberg-called-people-who-handed-over-their-data-dumb-f/) to a friend that he could get them ‘info’ about anyone in Harvard. He had email addresses, pictures, real addresses: the lot. When the friend asked how, this was his riposte: ‘People just submitted it. I don’t know why. They trust me. Dumb f*cks.’ We now live in a reality where Zuckerberg can get ‘info’ about almost anyone in the world.
|
||||
|
||||
Like a depraved tabloid journalist fishing through a minor celebrity’s trash, Facebook collects everything it can about its users. Even if it means sifting through garbage, they want that data. But Facebook is not technically in the data business. It is in what author and professor Carissa Véliz [terms](https://aeon.co/essays/privacy-matters-because-it-empowers-us-all) ‘the business of power’ – which sounds rather more sinister than flogging off mildly irritating adverts.
|
||||
|
||||
Véliz argues that privacy is a form of power. It is the power to influence you, show you adverts and predict your behaviour. In this sense, personal data is being used to make us do things we otherwise would not do: to buy a certain product or to vote a certain way. Filmmaker Laura Poitras [described](https://www.washingtonpost.com/news/the-switch/wp/2014/10/23/snowden-filmmaker-laura-poitras-facebook-is-a-gift-to-intelligence-agencies/) Facebook as ‘a gift to intelligence agencies’. It allows governments to arrest people planning to participate in protests before they have even begun.
|
||||
|
||||
The social media giant is tip-toeing ever closer into our personal lives. When Facebook encountered competition it just bought it, adding Instagram and WhatsApp to its roster. The company even tried to make its own cryptocurrency so that one day the Facebook would control all our purchases too. Earlier this year, the project was [killed](https://www.ft.com/content/a88fb591-72d5-4b6b-bb5d-223adfb893f3) by regulators. It is worth noting that when Zuckerberg purchased WhatsApp and Instagram, they had no revenue. Author Tim Wu notes in his book _The Attention Merchants_ that Facebook is ‘a business with an exceedingly low ratio of invention to success’. Perhaps that is a part of Zuck’s genius.
|
||||
|
||||
‘Move fast and break things’ was the old company motto. When there were a few too many scandals, they moved fast and [rebranded](https://www.privacyguides.org/blog/2021/11/01/virtual-insanity) to Meta. No one expected online privacy to be the ‘thing’ they broke.
|
||||
|
||||
Before it became a global behemoth, Facebook started out as a dorm-room project. Zuckerberg sat at his keyboard after a few drinks and built it mainly because he could. It now has nearly three billion users. In the same way, Facebook [conducted](https://www.theguardian.com/technology/2014/jul/02/facebook-apologises-psychological-experiments-on-users) social experiments seemingly just for fun. Why he did it doesn’t really matter. As John Lanchester [put it](https://www.lrb.co.uk/the-paper/v39/n16/john-lanchester/you-are-the-product): he simply did it _because_.
|
||||
|
||||
It is unfair to say that Zuckerberg does not care about privacy – he does. That’s why he [spared](https://www.theguardian.com/technology/2013/oct/11/mark-zuckerberg-facebook-neighbouring-houses) no expense buying the houses that surrounded his home. Zuckerberg knows the power of privacy, which is painfully ironic given he has built his career on exploiting it. For Zuckerberg, at least, the future is private. It’s the rest of us that should be worried.
|
||||
BIN
docs/blog/2022/06/09/hide-nothing.jpg
Normal file
BIN
docs/blog/2022/06/09/hide-nothing.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 774 KiB |
42
docs/blog/2022/06/09/hide-nothing.md
Normal file
42
docs/blog/2022/06/09/hide-nothing.md
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
title: '"Hide Nothing"'
|
||||
image: 'blog/2022/06/09/hide-nothing.jpg'
|
||||
created: "2022-06-09"
|
||||
author: 'Dan Arel'
|
||||
template: overrides/blog.en.html
|
||||
---
|
||||
In the wake of the September 11, 2001, attack on the United States, the US government enacted laws that weakened citizen privacy in the name of national emergency. This sent up many red flags for human rights and privacy advocates.
|
||||
|
||||
These concerns were met with “if you have nothing to hide, you have nothing to fear.” The argument goes that if you're not doing anything illegal, then these violations of your privacy shouldn't bother you. If you care about privacy, you clearly can't be up to anything good.
|
||||
|
||||
On the surface, this seems true to many people – but the reality is very different. We may not have had anything to hide in the immediate aftermath of 9/11, but that was not the only information being sought after by governments. Indeed, following the passage of the Patriot Act in the US, the FBI issued 192,499 [National Security Letters](https://www.aclu.org/other/national-security-letters), meaning they collected the records and online activity of nearly 200,000 people.
|
||||
|
||||
In the end it only convicted one person.
|
||||
|
||||
Now, many have argued that stopping one terrorist might be worth giving up some security for, but [according](https://www.aclu.org/issues/national-security/privacy-and-surveillance/surveillance-under-patriot-act) to the ACLU, the conviction would have occurred without the Patriot Act.
|
||||
|
||||
Many legal actions you take today could be deemed illegal by future laws or future government. In the US today there is discussion around the possibility of Roe v. Wade being overturned, allowing states to outlaw abortions. You may not currently feel the need to hide internet searches, menstrual cycle apps, or donations to women's health clinics today because it's not illegal, but tomorrow that information could be used against you.
|
||||
|
||||
In countries were organizing around political dissent is legal, that doesn't mean the government is tracking those taking part and using that information to create informants or infiltrate such groups. Or worse, when or if laws change, using that surveillance to punish those involved.
|
||||
|
||||
And even if you break away from the legal aspects, we all have something to hide. You may not be ready to reveal your sexual or gender identity, but your internet usage could potentially do that for you. You don't want to make your bank account public; you have that information to hide. And you can continue to list things about your life you'd just rather not make public, regardless of potential legality.
|
||||
|
||||
In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the Gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
|
||||
|
||||
> “A mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 —– at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities,” the Pillar reported.
|
||||
|
||||
> “The data obtained and analyzed by The Pillar conveys mobile app date signals during two 26-week periods, the first in 2018 and the second in 2019 and 2020. The data was obtained from a data vendor and authenticated by an independent data consulting firm contracted by The Pillar,” the site reported. It did not identify who the vendor was or if the site bought the information or got it from a third party.
|
||||
|
||||
> The Pillar story says app data “correlated” to Burrill's phone shows the priest visited gay bars, including while traveling for the USCCB.
|
||||
|
||||
While it was not clear who was tracking Burrill's device, the Post went on to say that:
|
||||
|
||||
> Privacy experts have long raised concerns about “anonymized” data collected by apps and sold to or shared with aggregators and marketing companies. While the information is typically stripped of obviously identifying fields, like a user's name or phone number, it can contain everything from age and gender to a device ID. It's possible for experts to de-anonymize some of this data and connect it to real people.
|
||||
|
||||
While Burrill was without a doubt in violation of his works own code of conduct, he did decide on his own to be a priest. However, his personal life was not harming others and was just that, his personal life. While the question looms about who was tracking him to begin with and why, the fact it was so easy to do is alarming.
|
||||
|
||||
What if Burrill wasn't a priest, but just happened to work for someone who held anti-homosexual views who used this data to out him, humiliate him, and fire him under false pretenses? This data, which should be private could (and likely did in the real-life circumstance) ruin his life.
|
||||
|
||||
That is what makes internet privacy so important. It's not hiding nefarious activity, it's that we all have an innate right to our privacy.
|
||||
|
||||
You might not feel today that you have anything to hide, but you might not feel that way tomorrow and once something is public, it cannot be made private again.
|
||||
@ -78,5 +78,3 @@ Calendars and contacts contain some of your most sensitive data; use products th
|
||||
|
||||
!!! warning
|
||||
Proton [does not](https://proton.me/support/proton-contacts#verify) use E2EE for your contact names and email addresses.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -63,8 +63,10 @@ When self-hosting, you should also enable E2EE to protect against your hosting p
|
||||
[:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
|
||||
|
||||
Proton Drive is currently in beta and only is only available through a web client.
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
|
||||
|
||||
Proton Drive is currently in beta and is only available through a web client and an Android app.
|
||||
|
||||
When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](basics/threat-modeling.md), consider using an alternative.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -1,10 +1,8 @@
|
||||
---
|
||||
title: "Web Browsers"
|
||||
title: "Desktop Browsers"
|
||||
icon: octicons/browser-16
|
||||
---
|
||||
These are our currently recommended web browsers and configurations. In general, we recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
|
||||
## General Recommendations
|
||||
These are our currently recommended desktop web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
|
||||
### Tor Browser
|
||||
|
||||
@ -30,15 +28,11 @@ These are our currently recommended web browsers and configurations. In general,
|
||||
- [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
|
||||
|
||||
!!! danger
|
||||
|
||||
You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Nor should you manually enable HTTPS-only mode or edit `about:config` settings. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
|
||||
|
||||
## Desktop Recommendations
|
||||
|
||||
### Firefox
|
||||
|
||||
!!! recommendation
|
||||
@ -125,8 +119,6 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
|
||||
|
||||
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
|
||||
|
||||
We don't recommend Brave's mobile browser offerings as there are better [options](#mobile-recommendations) for mobile platforms.
|
||||
|
||||
[:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
|
||||
[:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
|
||||
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
|
||||
@ -155,6 +147,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
|
||||
|
||||
<div class="annotate" markdown>
|
||||
|
||||
- [x] Select **Prevent sites from fingerprinting me based on my language preferences**
|
||||
- [x] Select **Aggressive** under Trackers & ads blocking
|
||||
|
||||
??? warning "Use default filter lists"
|
||||
@ -216,106 +209,6 @@ Under the *System* menu
|
||||
|
||||
1. This option is not present on all platforms.
|
||||
|
||||
## Mobile Recommendations
|
||||
|
||||
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
|
||||
|
||||
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
|
||||
|
||||
### Bromite
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Bromite** is a Chromium-based browser with privacy and security enhancements, built-in ad blocking, and some fingerprinting randomization.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.bromite.org){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.bromite.org/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://github.com/bromite/bromite/wiki){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/bromite/bromite){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://github.com/bromite/bromite#donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads annotate
|
||||
|
||||
- [:pg-f-droid: F-Droid](https://www.bromite.org/fdroid) (1)
|
||||
|
||||
1. If you use [Neo Store](/android/#neo-store), you can enable the *Bromite repository* in:<br> :material-dots-vertical: → **Repositories**
|
||||
|
||||
These options can be found in :material-menu: → :gear: **Settings** → **Privacy and security**.
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
##### HTTPS-Only Mode
|
||||
|
||||
- [x] Select **Always use secure connections**
|
||||
|
||||
This prevents you from unintentionally connecting to a website in plain-text HTTP. The HTTP protocol is extremely uncommon nowadays, so this should have little to no impact on your day to day browsing.
|
||||
|
||||
##### Always-on Incognito Mode
|
||||
|
||||
- [x] Select **Always open links in incognito** in the **Incognito mode** menu
|
||||
- [x] Select **Close all open tabs on exit**
|
||||
- [x] Select **Open external links in incognito**
|
||||
|
||||
### Safari
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**.
|
||||
|
||||
##### Cross-Site Tracking Prevention
|
||||
|
||||
- [x] Enable **Prevent Cross-Site Tracking**
|
||||
|
||||
This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
|
||||
|
||||
##### Privacy Report
|
||||
|
||||
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
|
||||
|
||||
Privacy Report is accessible via the Page Settings menu (:pg-textformat-size:).
|
||||
|
||||
##### Privacy Preserving Ad Measurement
|
||||
|
||||
- [ ] Disable **Privacy Preserving Ad Measurement**
|
||||
|
||||
Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
|
||||
|
||||
The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
|
||||
|
||||
##### Apple Pay
|
||||
|
||||
If you do not use Apple Pay, you can toggle off the ability for websites to check for it.
|
||||
|
||||
- [ ] Disable **Allow websites to check for Apple Pay and Apple Card**
|
||||
|
||||
##### Always-on Private Browsing
|
||||
|
||||
Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
|
||||
|
||||
- [x] Select **Private**
|
||||
|
||||
Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
|
||||
|
||||
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
|
||||
|
||||
##### iCloud Sync
|
||||
|
||||
Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
|
||||
|
||||
If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
|
||||
|
||||
## Additional Resources
|
||||
|
||||
We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin or AdGuard may prove useful if you value content blocking functionality.
|
||||
@ -339,28 +232,7 @@ We generally do not recommend installing any extensions as they increase your at
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
|
||||
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
|
||||
|
||||
We suggest leaving the extension in its default configuration. Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third-party filter could add malicious rules that can potentially steal user data.
|
||||
|
||||
### AdGuard for iOS
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
|
||||
|
||||
AdGuard for iOS has some premium features, however standard Safari content blocking is free of charge.
|
||||
|
||||
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
|
||||
|
||||
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
|
||||
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third-party filter could add malicious rules that can potentially steal user data.
|
||||
|
||||
### Snowflake
|
||||
|
||||
@ -393,21 +265,4 @@ Additional filter lists do slow things down and may increase your attack surface
|
||||
|
||||
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
|
||||
|
||||
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
|
||||
|
||||
### Terms of Service; Didn't Read
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Terms of Service; Didn't Read** grades websites based on their terms of service agreements and privacy policies. It also gives short summaries of those agreements. The analyses and ratings are published transparently by a community of reviewers.
|
||||
|
||||
[:octicons-globe-16: Website](https://tosdr.org){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://docs.tosdr.org/sp/tosdr.org-Privacy-Policy.89456373.html){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://docs.tosdr.org/index.html){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://tosdr.org/donate){ .card-link title=Contribute }
|
||||
|
||||
We do not recommend installing ToS;DR as a browser extension; the same information is also provided on their website.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
|
||||
@ -95,22 +95,6 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ba
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.celzero.bravedns)
|
||||
|
||||
### DNSCloak
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**DNSCloak** is an open-source iOS client supporting [DNS-over-HTTPS](basics/dns-overview.md#dns-over-https-doh), [DNSCrypt](basics/dns-overview.md#dnscrypt), and [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) options such as caching DNS responses, locally logging DNS queries, and custom block lists. You can [add custom resolvers by DNS stamp](https://medium.com/privacyguides/adding-custom-dns-over-https-resolvers-to-dnscloak-20ff5845f4b5).
|
||||
|
||||
[:octicons-repo-16: Repository](https://github.com/s-s/dnscloak){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view){ .card-link title="Privacy Policy" }
|
||||
[:octicons-code-16:](https://github.com/s-s/dnscloak){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1452162351)
|
||||
|
||||
### dnscrypt-proxy
|
||||
|
||||
!!! recommendation
|
||||
@ -166,5 +150,3 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
|
||||
[:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -188,5 +188,3 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f
|
||||
|
||||
- [:fontawesome-brands-linux: Linux](https://neomutt.org/distro)
|
||||
- [:fontawesome-brands-apple: macOS](https://neomutt.org/distro)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -240,7 +240,7 @@ Using an aliasing service requires trusting both your email provider and your al
|
||||
- [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
|
||||
- [:fontawesome-brands-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
|
||||
|
||||
The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/month plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
|
||||
The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
|
||||
|
||||
Notable free features:
|
||||
|
||||
@ -274,9 +274,11 @@ Notable free features:
|
||||
|
||||
SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf).
|
||||
|
||||
You can link your SimpleLogin account in the settings with your Proton account. If you have Proton Unlimited, Business or Visionary Plan, you will have SimpleLogin Premium for free.
|
||||
|
||||
Notable free features:
|
||||
|
||||
- [x] 15 Shared Aliases
|
||||
- [x] 10 Shared Aliases
|
||||
- [x] Unlimited Replies
|
||||
- [x] 1 Recipient Mailbox
|
||||
|
||||
@ -420,5 +422,3 @@ Must not have any marketing which is irresponsible:
|
||||
### Additional Functionality
|
||||
|
||||
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -226,7 +226,7 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Tomb** is an is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
|
||||
**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
|
||||
@ -326,5 +326,3 @@ When encrypting with PGP, you have the option to configure different options in
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -6,24 +6,6 @@ Discover how to privately share your files between your devices, with your frien
|
||||
|
||||
## File Sharing
|
||||
|
||||
### Magic Wormhole
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Magic Wormhole** is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another.
|
||||
|
||||
[:octicons-repo-16: Repository](https://github.com/magic-wormhole/magic-wormhole){ .md-button .md-button--primary }
|
||||
[:octicons-info-16:](https://magic-wormhole.readthedocs.io/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/magic-wormhole/magic-wormhole){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
|
||||
- [:fontawesome-brands-apple: macOS](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x)
|
||||
- [:fontawesome-brands-linux: Linux](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
|
||||
|
||||
### Bitwarden Send
|
||||
|
||||
!!! recommendation
|
||||
|
||||
@ -54,7 +54,7 @@ Tumbleweed follows a rolling release model where each update is released as a sn
|
||||
|
||||
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
|
||||
|
||||
Being a DIY distribution, you are [expected to set up and maintain](#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
Being a DIY distribution, you are [expected to set up and maintain](linux-desktop/overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
|
||||
A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
|
||||
|
||||
@ -116,13 +116,13 @@ Nix is a source-based package manager; if there’s no pre-built available in th
|
||||
[:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation}
|
||||
[:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=Contribute }
|
||||
|
||||
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation has to go through the Tor gateway and will be routed through the Tor Network.
|
||||
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden.
|
||||
|
||||
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator.
|
||||
|
||||
Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
|
||||
|
||||
Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers).
|
||||
Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has various [disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.
|
||||
|
||||
### Tails
|
||||
|
||||
@ -140,4 +140,4 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
|
||||
|
||||
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html) can be configured to store some data.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
|
||||
|
||||
@ -10,9 +10,14 @@ A [firewall](https://en.wikipedia.org/wiki/Firewall_(computing)) may be used to
|
||||
|
||||
Red Hat distributions (such as Fedora) are typically configured through [firewalld](https://en.wikipedia.org/wiki/Firewalld). Red Hat has plenty of [documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/using-and-configuring-firewalld_configuring-and-managing-networking) regarding this topic. There is also the [Uncomplicated Firewall](https://en.wikipedia.org/wiki/Uncomplicated_Firewall) which can be used as an alternative.
|
||||
|
||||
Consider blocking all ports which are **not** [well-known](https://en.wikipedia.org/wiki/Well-known_port#Well-known_ports) or “privileged ports.” That is, ports from 1025 up to 65535. Block both [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) and [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) after the operating system is installed.
|
||||
You could also set your default firewall zone to drop packets. If you're on a Redhat based distribution, such as Fedora this can be done with the following commands:
|
||||
|
||||
If you use Fedora, consider removing the whitelist for [smb](https://en.wikipedia.org/wiki/Server_Message_Block)-client and [mdns](https://en.wikipedia.org/wiki/Multicast_DNS) services if you do not use them.
|
||||
!!! Example
|
||||
```
|
||||
firewall-cmd --set-default-zone=drop;
|
||||
firewall-cmd --add-protocol=ipv6-icmp --permanent;
|
||||
firewall-cmd --add-service=dhcpv6-client --permanent;
|
||||
```
|
||||
|
||||
All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter) framework and therefore cannot protect against malicious programs running on the system. A malicious program could insert its own rules.
|
||||
|
||||
@ -22,13 +27,14 @@ If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_
|
||||
|
||||
## Kernel hardening
|
||||
|
||||
There are some additional kernel hardening options such as configuring [sysctl](https://en.wikipedia.org/wiki/Sysctl#Linux) keys and [kernel command-line parameters](https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html) which are described in the following pages. We don’t recommend you change these options unless you learn about what they do.
|
||||
Kernel hardening options such as configuring [sysctl](https://en.wikipedia.org/wiki/Sysctl#Linux) keys and [kernel command-line parameters](https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html) can help harden your system. We suggest looking at the following [sysctl settings](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl) and [boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters).
|
||||
|
||||
- [Recommended sysctl settings](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl)
|
||||
- [Recommended boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters)
|
||||
- [Additional recommendations to reduce the kernel's attack surface](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction)
|
||||
We **strongly** recommend that you learn what these options do before applying them. There are also some methods of [kernel attack surface reduction](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction) and [access restrictions to sysfs](https://madaidans-insecurities.github.io/guides/linux-hardening.html#restricting-sysfs) that can further improve security.
|
||||
|
||||
Do **not** disable unprivileged user namespaces if you use software that relies on it, like: Podman, Docker and LXC containers. The option will prevent this software from working.
|
||||
!!! Note
|
||||
Unprivileged [user namespaces](https://madaidans-insecurities.github.io/linux.html#kernel) can be disabled, due to it being responsible for various privileged escalation vulnerabilities. Some software such as Docker, Podman, and LXC require unprivileged user namespaces to function. If you use these tools you should not disable `kernel.unprivileged_userns_clone`.
|
||||
|
||||
Disabling access to `/sys` without a proper whitelist will lead to various applications breaking. This will unfortunately be an extremely tedious process for most users. Kicksecure, and by extension, Whonix, has an experimental [hide hardware info service](https://github.com/Kicksecure/security-misc/blob/master/lib/systemd/system/hide-hardware-info.service) which does just this. From our testing, these work perfectly fine on minimal Kicksecure installations and both Qubes-Whonix Workstation and Gateway. If you are using Kicksecure or Whonix, we recommend that you follow the [Kicksecure Wiki](https://www.kicksecure.com/wiki/Security-misc) to enable hide hardware info service.
|
||||
|
||||
## Linux-Hardened
|
||||
|
||||
@ -38,11 +44,13 @@ Some distributions like Arch Linux have the [linux-hardened](https://github.com/
|
||||
|
||||
LKRG is a kernel module that performs runtime integrity check on the kernel to help detect exploits against the kernel. LKRG works in a *post*-detect fashion, attempting to respond to unauthorized modifications to the running Linux kernel. While it is [bypassable by design](https://lkrg.org/), it does stop off-the-shelf malware that does not specifically target LKRG itself. This may make exploits harder to develop and execute on vulnerable systems.
|
||||
|
||||
If you can get LKRG and maintain module updates it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions on how this can be achieved. There is no LKRG package for Fedora yet, however the Qubes OS project has a COPR repository which [may become](https://github.com/QubesOS/qubes-issues/issues/5461) part of the main distribution in the future. Archlinux based systems provide LKRG DKMS modules via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
|
||||
If you can get LKRG and maintain module updates, it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS package from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions.
|
||||
|
||||
On Fedora, [fepitre](https://github.com/fepitre), a QubesOS developer has a [COPR repository](https://copr.fedorainfracloud.org/coprs/fepitre/lkrg/) where you can install it. Arch based systems can obtain the LKRG DKMS package via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
|
||||
|
||||
## GRSecurity
|
||||
|
||||
GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access](https://github.com/QubesOS/qubes-issues/issues/5461) the code.
|
||||
GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access](https://grsecurity.net/purchase) the code and is worth using if you have a subscription.
|
||||
|
||||
## Simultaneous multithreading (SMT)
|
||||
|
||||
@ -66,9 +74,25 @@ These flags could also be applied to `/home` and `/root` as well, however, `noex
|
||||
|
||||
If you use [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/), `/var/log/journal` must not have any of those options. If you are on Arch Linux, do not apply `noexec` to `/var/tmp`.
|
||||
|
||||
## Disabling SUID
|
||||
|
||||
SUID allows a user to execute an application as the owner of that application, which in many cases, would be the `root` user. Vulnerable SUID executables could lead to privilege escalation vulnerabilities.
|
||||
|
||||
It is desirable to remove SUID from as many binaries as possible; however, this takes substantial effort and trial and error on the user's part, as some applications require SUID to function.
|
||||
|
||||
Kicksecure, and by extension, Whonix has an experimental [permission hardening service](https://github.com/Kicksecure/security-misc/blob/master/lib/systemd/system/permission-hardening.service) and [application whitelist](https://github.com/Kicksecure/security-misc/tree/master/etc/permission-hardening.d) to automate SUID removal from most binaries and libraries on the system. From our testing, these work perfectly fine on a minimal Kicksecure installation and both Qubes-Whonix Workstation and Gateway.
|
||||
|
||||
If you are using Kicksecure or Whonix, we recommend that you follow the [Kicksecure Wiki](https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener) to enable the permission hardener.
|
||||
|
||||
Users of other distributions can adapt the permission hardener to their own system based on the source code linked above.
|
||||
|
||||
## Secure Time Synchronization
|
||||
|
||||
Most Linux distributions by default (especially Arch based distributions with `systemd-timesyncd`) use un-encrypted NTP for time synchronization. Securing NTP can be achieved by [configuring NTS with chronyd](https://fedoramagazine.org/secure-ntp-with-nts/) or by using [swdate](https://github.com/Kicksecure/sdwdate) on Debian based distributions.
|
||||
|
||||
## Linux Pluggable Authentication Modules (PAM)
|
||||
|
||||
There is also further hardening to [PAM](https://en.wikipedia.org/wiki/Linux_PAM) to secure authentication to your system. [This guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) has some tips on this.
|
||||
The security of [PAM](https://en.wikipedia.org/wiki/Linux_PAM) can be [hardened](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) to allow secure authentication to your system.
|
||||
|
||||
On Red Hat distributions you can use [`authselect`](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_authentication_and_authorization_in_rhel/configuring-user-authentication-using-authselect_configuring-authentication-and-authorization-in-rhel) to configure this e.g.:
|
||||
|
||||
@ -86,27 +110,25 @@ Another alternative option if you’re using the [linux-hardened](#linux-hardene
|
||||
|
||||
## Secure Boot
|
||||
|
||||
[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader). Some guidance for this is provided in [this physical security guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#physical-security) and [this verified boot guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#verified-boot).
|
||||
[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader).
|
||||
|
||||
For further resources on Secure Boot, we suggest taking a look at the following for instructional advice:
|
||||
One of the problems with Secure Boot, particularly on Linux is, that only the [chainloader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [boot loader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that's where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. The firmware on most devices is also configured to trust Microsoft's keys for Windows and its partners, leading to a large attacks surface.
|
||||
|
||||
- The Archwiki’s [Secure Boot](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot) article. There are two main methods, the first is to use a [shim](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#shim), the second more complete way is to [use your own keys](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys).
|
||||
To eliminate the need to trust Microsoft's keys, follow the "Using your own keys" section on the [Arch Wiki](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot). The important thing that needs to be done here is to replace the OEM's key with your own Platform Key.
|
||||
|
||||
For the background of how Secure Boot works on Linux:
|
||||
There are several ways to work around the unverified initramfs:
|
||||
|
||||
- [The Strange State of Authenticated Boot and Disk Encryption on Generic Linux Distributions](https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html)
|
||||
- [Rod Smith’s Managing EFI Boot Loaders for Linux](https://www.rodsbooks.com/efi-bootloaders/)
|
||||
- [Dealing with Secure Boot](https://www.rodsbooks.com/efi-bootloaders/secureboot.html)
|
||||
- [Controlling Secure Boot](https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html)
|
||||
The first way is to [encrypt the /boot partition](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot). If you are on Fedora Workstation (not Silverblue), you can follow [this guide](https://mutschler.eu/linux/install-guides/fedora-btrfs-33/) to convert the existing installation to encrypted `/boot`. openSUSE comes with this that by default.
|
||||
|
||||
One of the problems with Secure Boot particularly on Linux is that only the [chainloader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [boot loader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that’s where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. There are a few things that can be done to reduce risk such as:
|
||||
Encrypting `/boot` however have its own issues, one being that [GRUB](https://en.wikipedia.org/wiki/GNU_GRUB) only supports [LUKS1](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) and not the newer default LUKS2 scheme. As the bootloader runs in [protected mode](https://en.wikipedia.org/wiki/Protected_mode) and the encryption module lacks [SSE acceleration](https://en.wikipedia.org/wiki/Streaming_SIMD_Extensions) so the boot process will take minutes to complete. Another problem with this is that you have to type the encryption password twice, which could be solved by following the [openSUSE Wiki](https://en.opensuse.org/SDB:Encrypted_root_file_system#Avoiding_to_type_the_passphrase_twice).
|
||||
|
||||
- Creating an [EFI Boot Stub](https://docs.kernel.org/admin-guide/efi-stub.html) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option.
|
||||
- [Encrypting the boot partition](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot). However, this has its own issues, the first being that [GRUB](https://en.wikipedia.org/wiki/GNU_GRUB) only supports [LUKS1](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) and not the newer default LUKS2 scheme. As the bootloader runs in [protected mode](https://en.wikipedia.org/wiki/Protected_mode) and the encryption module lacks [SSE acceleration](https://en.wikipedia.org/wiki/Streaming_SIMD_Extensions) the boot process will take minutes to complete.
|
||||
- Using TPM to perform a [measured boot](https://www.krose.org/~krose/measured_boot).
|
||||
There are a few options depending on your configuration:
|
||||
|
||||
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
|
||||
- If you enroll your own keys as described above, and your distribution supports Secure Boot by default, you can add your distribution's EFI Key into the list of trusted keys (db keys). It can then be enrolled into the firmware. Then, you should move all of your keys off your local storage device.
|
||||
- If you enroll your own keys as described above, and your distribution does **not** support Secure Boot out of the box (like Arch Linux), you have to leave the keys on the disk and setup automatic signing of the [kernel](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_the_kernel_with_a_pacman_hook) and bootloader. If you are using Grub, you can install it with the `--no-shim-lock` option and remove the need for the chainloader.
|
||||
|
||||
The second option is to creating an [EFI Boot Stub](https://wiki.archlinux.org/title/Unified_kernel_image) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk), and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option. This option also requires you to leave the keys on the disk to setup automatic signing, which weakens the security model.
|
||||
|
||||
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password”, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
|
||||
|
||||
These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Linux Overview
|
||||
icon: fontawesome/brands/linux
|
||||
---
|
||||
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/2022/02/02/floss-security.html). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
|
||||
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
|
||||
|
||||
At the moment, desktop GNU/Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.:
|
||||
|
||||
@ -56,7 +56,7 @@ There is often some confusion about “security-focused” distributions and “
|
||||
|
||||
### Arch-based distributions
|
||||
|
||||
Arch based distributions are not recommended for those new to Linux, regardless of the distribution. Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
|
||||
Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
|
||||
|
||||
For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).
|
||||
|
||||
@ -67,6 +67,10 @@ If you are experienced with Linux and wish to use an Arch-based distribution, we
|
||||
- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories.
|
||||
- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks.
|
||||
|
||||
### Kicksecure
|
||||
|
||||
While we strongly recommend against using outdated distributions like Debian, if you decide to use it, we suggest that you [convert](https://www.kicksecure.com/wiki/Debian) it into [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default.
|
||||
|
||||
### Linux-libre kernel and “Libre” distributions
|
||||
|
||||
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
|
||||
@ -126,5 +130,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co
|
||||
This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
|
||||
|
||||
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -62,5 +62,3 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
|
||||
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
|
||||
|
||||
The above container technologies can be useful if you want to run certain web app software on your local network, such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [LinuxServer.io](https://www.linuxserver.io), to increase privacy by decreasing dependence on various web services. A guide on [hardening Docker and OCI](https://wonderfall.dev/docker-hardening) has been written by the author "Wonderfall."
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -128,5 +128,3 @@ The app offers multiple ways to erase metadata from images. Namely:
|
||||
```bash
|
||||
exiftool -all= *.file_extension
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
173
docs/mobile-browsers.en.md
Normal file
173
docs/mobile-browsers.en.md
Normal file
@ -0,0 +1,173 @@
|
||||
---
|
||||
title: "Mobile Browsers"
|
||||
icon: octicons/device-mobile-16
|
||||
---
|
||||
These are our currently recommended mobile web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
|
||||
## Android
|
||||
|
||||
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
|
||||
|
||||
### Tor Browser
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
|
||||
|
||||
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
|
||||
[:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
|
||||
[:octicons-info-16:](https://tb-manual.torproject.org/mobile-tor/){ .card-link title=Documentation }
|
||||
[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/fenix){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
|
||||
|
||||
### Brave
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default.
|
||||
|
||||
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
|
||||
|
||||
[:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
|
||||
[:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
|
||||
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads annotate
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser)
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
|
||||
|
||||
These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy**
|
||||
|
||||
##### Shields
|
||||
|
||||
Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
|
||||
|
||||
Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:
|
||||
|
||||
<div class="annotate" markdown>
|
||||
|
||||
- [x] Select **Aggressive** under Block trackers & ads
|
||||
|
||||
??? warning "Use default filter lists"
|
||||
Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
|
||||
|
||||
- [x] (Optional) Select **Block Scripts** (1)
|
||||
- [x] Select **Strict, may break sites** under Block fingerprinting
|
||||
|
||||
</div>
|
||||
|
||||
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
|
||||
|
||||
##### Social Media Blocking
|
||||
|
||||
- [ ] Uncheck all social media components
|
||||
|
||||
##### IPFS
|
||||
|
||||
InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
|
||||
|
||||
- [ ] Uncheck **IPFS Gateway**
|
||||
|
||||
##### Other privacy settings
|
||||
|
||||
- [x] Select **Disable Non-Proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
|
||||
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
|
||||
- [ ] Uncheck **Automatically send daily usage ping to Brave**
|
||||
- [ ] Uncheck **Automatically send diagnostic reports**
|
||||
- [x] Select **Always use secure connections**
|
||||
- [x] Select **Close tabs on exit**
|
||||
- [x] Select **Clear data on exit**
|
||||
|
||||
## iOS
|
||||
|
||||
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
|
||||
|
||||
### Safari
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**.
|
||||
|
||||
##### Cross-Site Tracking Prevention
|
||||
|
||||
- [x] Enable **Prevent Cross-Site Tracking**
|
||||
|
||||
This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
|
||||
|
||||
##### Privacy Report
|
||||
|
||||
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
|
||||
|
||||
Privacy Report is accessible via the Page Settings menu (:pg-textformat-size:).
|
||||
|
||||
##### Privacy Preserving Ad Measurement
|
||||
|
||||
- [ ] Disable **Privacy Preserving Ad Measurement**
|
||||
|
||||
Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
|
||||
|
||||
The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
|
||||
|
||||
##### Always-on Private Browsing
|
||||
|
||||
Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
|
||||
|
||||
- [x] Select **Private**
|
||||
|
||||
Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
|
||||
|
||||
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
|
||||
|
||||
##### iCloud Sync
|
||||
|
||||
Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
|
||||
|
||||
If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
|
||||
|
||||
### AdGuard
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
|
||||
|
||||
AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
|
||||
|
||||
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
|
||||
|
||||
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
|
||||
@ -104,5 +104,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/us/app/raivo-otp/id1498497896)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -31,7 +31,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports it supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) and [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
|
||||
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
|
||||
|
||||
[:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }
|
||||
|
||||
@ -96,5 +96,3 @@ Joplin does not support password/pin protection for the [application itself or i
|
||||
[:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -146,5 +146,3 @@ These products are minimal password managers that can be used within scripting a
|
||||
- [:fontawesome-brands-apple: macOS](https://www.gopass.pw/#install-macos)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.gopass.pw/#install-linux)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -90,5 +90,3 @@ For other platforms, consider below:
|
||||
[:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
|
||||
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -12,7 +12,7 @@ icon: material/chat-processing
|
||||
|
||||
**Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling.
|
||||
|
||||
All communications are E2EE. Contact lists are encrypted using your login PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts who add you.
|
||||
All communications are E2EE. Contact lists are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with.
|
||||
|
||||
[:octicons-home-16: Homepage](https://signal.org/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
|
||||
@ -28,14 +28,24 @@ icon: material/chat-processing
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id874139669)
|
||||
|
||||
Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server.
|
||||
|
||||
Signal requires your phone number as a personal identifier.
|
||||
|
||||
[Sealed Sender](https://signal.org/blog/sealed-sender/) is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.
|
||||
Signal supports [private groups](https://signal.org/blog/signal-private-group-system/). The server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam. Signal requires your phone number as a personal identifier.
|
||||
|
||||
The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
|
||||
|
||||
We also suggest Molly as an alternative to the official Signal app.
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Molly** is a Signal fork for Android that provides additional hardening and security features to Signal.
|
||||
|
||||
[:octicons-home-16: Homepage](https://molly.im/){ .md-button }
|
||||
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://github.com/mollyim/mollyim-android#readme){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title=Contribute }
|
||||
|
||||
[Signal Configuration and Hardening :hero-arrow-circle-right-fill:](./advanced/signal-configuration-hardening.md)
|
||||
|
||||
### Element
|
||||
|
||||
!!! recommendation
|
||||
@ -133,7 +143,7 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https://
|
||||
|
||||
## Types of Communication Networks
|
||||
|
||||
There are several network architectures commonly used to relay messages between people. These networks can provide different different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.
|
||||
There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.
|
||||
|
||||
### Centralized Networks
|
||||
|
||||
@ -228,5 +238,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster
|
||||
- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
|
||||
- More complex to get started as the creation and secured backup of a cryptographic private key is required.
|
||||
- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform, hence features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -33,5 +33,3 @@ You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to
|
||||
[:octicons-info-16:](https://docs.netgate.com/pfsense/en/latest/){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/pfsense/pfsense){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://www.pfsense.org/get-involved/){ .card-link title=Contribute }
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -25,7 +25,7 @@ Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your thr
|
||||
[:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
|
||||
|
||||
Brave Search is based in the :flag_us: United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
|
||||
Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
|
||||
|
||||
## DuckDuckGo
|
||||
|
||||
@ -42,7 +42,7 @@ Brave Search is based in the :flag_us: United States. Their [privacy policy](htt
|
||||
[:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://help.duckduckgo.com/){ .card-link title=Documentation}
|
||||
|
||||
DuckDuckGo is based in the :flag_us: United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
|
||||
DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
|
||||
|
||||
DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
|
||||
|
||||
@ -71,7 +71,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](browsers.md#tor-browser) instead.
|
||||
**Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](desktop-browsers.md#tor-browser) instead.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
@ -81,8 +81,6 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
|
||||
|
||||
Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider.
|
||||
|
||||
Startpage is based in the :flag_nl: Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
|
||||
Startpage is based in the Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
|
||||
|
||||
Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -77,5 +77,3 @@ These networks are designed to keep your traffic anonymous.
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://support.torproject.org/tormobile/tormobile-7/)
|
||||
- [:fontawesome-brands-android: Android](https://www.torproject.org/download/#android)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -11,35 +11,52 @@ If you want assistance figuring out the best privacy tools and alternative progr
|
||||
|
||||
For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page.
|
||||
|
||||
## Web Browsers
|
||||
## Desktop Web Browsers
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Tor Browser](browsers.md#tor-browser)
|
||||
- { .twemoji } [Firefox (Desktop)](browsers.md#firefox)
|
||||
- { .twemoji } [Brave (Desktop)](browsers.md#brave)
|
||||
- { .twemoji } [Bromite (Android)](browsers.md#bromite)
|
||||
- { .twemoji } [Safari (iOS)](browsers.md#safari)
|
||||
- { .twemoji } [Tor Browser](desktop-browsers.md#tor-browser)
|
||||
- { .twemoji } [Firefox](desktop-browsers.md#firefox)
|
||||
- { .twemoji } [Brave](desktop-browsers.md#brave)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](browsers.md)
|
||||
[Learn more :hero-arrow-circle-right-fill:](desktop-browsers.md)
|
||||
|
||||
**Additional Resources:**
|
||||
### Additional Resources
|
||||
|
||||
<div class="grid cards annotate" markdown>
|
||||
|
||||
- { .twemoji } [uBlock Origin](browsers.md#ublock-origin)
|
||||
- { .twemoji } [AdGuard for iOS](browsers.md#adguard-for-ios)
|
||||
- { .twemoji }{ .twemoji } [Snowflake](browsers.md#snowflake) (1)
|
||||
- { .twemoji } [Terms of Service; Didn't Read](browsers.md#terms-of-service-didnt-read) (2)
|
||||
- { .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
|
||||
- { .twemoji }{ .twemoji } [Snowflake](desktop-browsers.md#snowflake) (1)
|
||||
|
||||
</div>
|
||||
|
||||
1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
|
||||
2. We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website.
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](browsers.md#additional-resources)
|
||||
[Learn more :hero-arrow-circle-right-fill:](desktop-browsers.md#additional-resources)
|
||||
|
||||
## Mobile Web Browsers
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Tor Browser (Android)](mobile-browsers.md#tor-browser)
|
||||
- { .twemoji } [Brave (Android)](mobile-browsers.md#brave)
|
||||
- { .twemoji } [Safari (iOS)](mobile-browsers.md#safari)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](mobile-browsers.md)
|
||||
|
||||
### Additional Resources
|
||||
|
||||
<div class="grid cards annotate" markdown>
|
||||
|
||||
- { .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](mobile-browsers.md#adguard)
|
||||
|
||||
## Operating Systems
|
||||
|
||||
@ -49,13 +66,12 @@ For more details about each project, why they were chosen, and additional tips o
|
||||
|
||||
- { .twemoji }{ .twemoji } [GrapheneOS](android.md#grapheneos)
|
||||
- { .twemoji } [DivestOS](android.md#divestos)
|
||||
- { .twemoji } [CalyxOS](android.md#calyxos)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](android.md)
|
||||
|
||||
**Android Apps:**
|
||||
### Android Apps
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -117,25 +133,24 @@ For more details about each project, why they were chosen, and additional tips o
|
||||
|
||||
### DNS
|
||||
|
||||
**DNS Providers:**
|
||||
#### DNS Providers
|
||||
|
||||
We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended.
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](dns.md)
|
||||
|
||||
**Encrypted DNS Proxies:**
|
||||
#### Encrypted DNS Proxies
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji }{ .twemoji } [RethinkDNS](dns.md#rethinkdns)
|
||||
- { .twemoji } [DNSCloak](dns.md#dnscloak)
|
||||
- { .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy)
|
||||
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](dns.md#encrypted-dns-proxies)
|
||||
|
||||
**Self-hosted Solutions:**
|
||||
#### Self-hosted Solutions
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -150,7 +165,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Proton Mail](email.md#protonmail)
|
||||
- { .twemoji } [Proton Mail](email.md#proton-mail)
|
||||
- { .twemoji } [Mailbox.org](email.md#mailboxorg)
|
||||
- { .twemoji }{ .twemoji } [StartMail](email.md#startmail)
|
||||
- { .twemoji } [Tutanota](email.md#tutanota)
|
||||
@ -159,7 +174,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](email.md)
|
||||
|
||||
**Email Aliasing Services:**
|
||||
#### Email Aliasing Services
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -170,7 +185,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](email.md#email-aliasing-services)
|
||||
|
||||
**Self-Hosting Email:**
|
||||
#### Self-Hosting Email
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -208,7 +223,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Proton VPN](vpn.md#protonvpn)
|
||||
- { .twemoji } [Proton VPN](vpn.md#proton-vpn)
|
||||
- { .twemoji } [IVPN](vpn.md#ivpn)
|
||||
- { .twemoji } [Mullvad](vpn.md#mullvad)
|
||||
|
||||
@ -248,14 +263,14 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Thunderbird](email-clients.md#thunderbird)
|
||||
- { .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail)
|
||||
- { .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail)
|
||||
- { .twemoji } [FairEmail (Android)](email-clients.md#fairemail)
|
||||
- { .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution)
|
||||
- { .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail)
|
||||
- { .twemoji } [Kontact (Linux)](email-clients.md#kontact)
|
||||
- { .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope)
|
||||
- { .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt)
|
||||
- { .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail-macos)
|
||||
- { .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail-ios)
|
||||
- { .twemoji } [FairEmail (Android)](email-clients.md#fairemail-android)
|
||||
- { .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome)
|
||||
- { .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android)
|
||||
- { .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde)
|
||||
- { .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser)
|
||||
- { .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli)
|
||||
|
||||
</div>
|
||||
|
||||
@ -271,9 +286,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Cryptomator](encryption.md#cryptomator)
|
||||
- { .twemoji } [Picocrypt](encryption.md#picocrypt)
|
||||
- { .twemoji }{ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt)
|
||||
- { .twemoji } [Cryptomator](encryption.md#cryptomator-cloud)
|
||||
- { .twemoji } [Picocrypt](encryption.md#picocrypt-file)
|
||||
- { .twemoji }{ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt-disk)
|
||||
- { .twemoji }{ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh)
|
||||
- { .twemoji } [Kryptor](encryption.md#kryptor)
|
||||
- { .twemoji } [Tomb](encryption.md#tomb)
|
||||
@ -282,7 +297,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](encryption.md)
|
||||
|
||||
**OpenPGP Clients:**
|
||||
#### OpenPGP Clients
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
@ -299,7 +314,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Magic Wormhole](file-sharing.md#magic-wormhole)
|
||||
- { .twemoji } [Bitwarden](file-sharing.md#bitwarden-send)
|
||||
- { .twemoji } [OnionShare](file-sharing.md#onionshare)
|
||||
- { .twemoji } [FreedomBox](file-sharing.md#freedombox)
|
||||
@ -316,7 +330,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
- { .twemoji } [ExifCleaner](metadata-removal-tools.md#exifcleaner)
|
||||
- { .twemoji } [MAT2](metadata-removal-tools.md#mat2)
|
||||
- { .twemoji } [ExifEraser (Android)](metadata-removal-tools.md#exiferaser-android)
|
||||
- { .twemoji } [Metapho (iOS)](metadata-removal-tools.md#metapho)
|
||||
- { .twemoji } [Metapho (iOS)](metadata-removal-tools.md#metapho-ios)
|
||||
- { .twemoji } [ExifTool (CLI)](metadata-removal-tools.md#exiftool)
|
||||
|
||||
</div>
|
||||
@ -369,9 +383,10 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Signal](real-time-communication.md#signal)
|
||||
- { .twemoji } [Molly (Hardened Signal fork for Android)](/advanced/signal-configuration-hardening/#hardening-signal-with-molly-on-android)
|
||||
- { .twemoji } [Element](real-time-communication.md#element)
|
||||
- { .twemoji } [Session](real-time-communication.md#session)
|
||||
- { .twemoji } [Briar (Android)](real-time-communication.md#briar)
|
||||
- { .twemoji } [Briar (Android)](real-time-communication.md#briar-android)
|
||||
|
||||
</div>
|
||||
|
||||
@ -397,7 +412,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Freenet](self-contained-networks.md#the-freenet-project)
|
||||
- { .twemoji } [Freenet](self-contained-networks.md#freenet)
|
||||
- { .twemoji } { .twemoji } [I2P](self-contained-networks.md#invisible-internet-project)
|
||||
- { .twemoji } [Tor](self-contained-networks.md#tor)
|
||||
|
||||
@ -419,5 +434,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
</div>
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](video-streaming.md)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -187,5 +187,3 @@ When you are using a Librarian instance, make sure to read the privacy policy of
|
||||
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
|
||||
|
||||
When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -44,9 +44,9 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
1. A further 10% is discounted with a 2-year subscription ($119.76).
|
||||
|
||||
??? check annotate "63 Countries"
|
||||
??? check annotate "64 Countries"
|
||||
|
||||
Proton VPN has [servers in 63 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
Proton VPN has [servers in 64 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
||||
|
||||
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
||||
|
||||
@ -80,7 +80,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
|
||||
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
|
||||
|
||||
### IVPN
|
||||
|
||||
@ -133,7 +133,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
IVPN clients support two factor authentication (Mullvad and Proton VPN clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
|
||||
|
||||
### Mullvad
|
||||
|
||||
@ -199,7 +199,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/en/index.html) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
|
||||
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
|
||||
|
||||
## Our Criteria
|
||||
|
||||
@ -298,5 +298,3 @@ Responsible marketing that is both educational and useful to the consumer could
|
||||
### Additional Functionality
|
||||
|
||||
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
*[EEA]: European Economic Area
|
||||
*[EOL]: End-of-Life
|
||||
*[Exif]: Exchangeable image file format
|
||||
*[FCM]: Firebase Cloud Messaging
|
||||
*[FDE]: Full Disk Encryption
|
||||
*[FIDO]: Fast IDentity Online
|
||||
*[GDPR]: General Data Protection Regulation
|
||||
@ -44,6 +45,7 @@
|
||||
*[MEID]: Mobile Equipment Identifier
|
||||
*[MFA]: Multi-Factor Authentication
|
||||
*[NVMe]: Nonvolatile Memory Express
|
||||
*[NTP]: Network Time Protocol
|
||||
*[OCI]: Open Container Initiative
|
||||
*[OCSP]: Online Certificate Status Protocol
|
||||
*[OEM]: Original Equipment Manufacturer
|
||||
@ -53,6 +55,7 @@
|
||||
*[OTPs]: One-Time Passwords
|
||||
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
|
||||
*[P2P]: Peer-to-Peer
|
||||
*[PAM]: Linux Pluggable Authentication Modules
|
||||
*[PGP]: Pretty Good Privacy (see OpenPGP)
|
||||
*[PII]: Personally Identifiable Information
|
||||
*[QNAME]: Qualified Name
|
||||
@ -64,6 +67,7 @@
|
||||
*[SNI]: Server Name Indication
|
||||
*[SSD]: Solid-State Drive
|
||||
*[SSH]: Secure Shell
|
||||
*[SUID]: Set Owner User ID
|
||||
*[SaaS]: Software as a Service (cloud software)
|
||||
*[SoC]: System on Chip
|
||||
*[TCP]: Transmission Control Protocol
|
||||
@ -72,6 +76,7 @@
|
||||
*[TOTP]: Time-based One-Time Password
|
||||
*[TPM]: Trusted Platform Module
|
||||
*[U2F]: Universal 2nd Factor
|
||||
*[UEFI]: Unified Extensible Firmware Interface
|
||||
*[UDP]: User Datagram Protocol
|
||||
*[VPN]: Virtual Private Network
|
||||
*[VoIP]: Voice over IP (Internet Protocol)
|
||||
@ -80,5 +85,6 @@
|
||||
*[attack surface]: The attack surface of software or hardware is the sum of the different places an attacker can try to enter data to or extract data from.
|
||||
*[cgroups]: Control Groups
|
||||
*[fork]: In software development, a fork is created when developers take a copy of source code from one software package and start independent development on it, creating a distinct and separate piece of software.
|
||||
*[hypervisor]: A hypervisor is computer software, firmware, or hardware that allows partitioning the resource of a CPU among multiple operating systems or independent programs.
|
||||
*[rolling release]: An update release cycle in which updates are released very frequently, instead of at set intervals.
|
||||
*[walled garden]: A walled garden (or closed platform) is one in which the service provider has control over applications, content, and/or media, and restricts convenient access to non-approved applicants or content.
|
||||
|
||||
Submodule mkdocs-material updated: 4f7b5f1946...4257d4ca2a
70
mkdocs.production.yml
Normal file
70
mkdocs.production.yml
Normal file
@ -0,0 +1,70 @@
|
||||
INHERIT: mkdocs.yml
|
||||
plugins:
|
||||
minify:
|
||||
minify_html: true
|
||||
htmlmin_opts:
|
||||
remove_comments: true
|
||||
privacy:
|
||||
externals_exclude:
|
||||
- cdn.jsdelivr.net/npm/mathjax@3/*
|
||||
- api.privacyguides.net/*
|
||||
- giscus.app/*
|
||||
git-committers:
|
||||
repository: privacyguides/privacyguides.org
|
||||
branch: main
|
||||
token: !ENV GH_TOKEN
|
||||
git-revision-date-localized:
|
||||
exclude:
|
||||
- index.en.md
|
||||
rss:
|
||||
match_path: "blog/.*"
|
||||
pretty_print: true
|
||||
date_from_meta:
|
||||
as_creation: "created"
|
||||
datetime_format: "%Y-%m-%d"
|
||||
|
||||
extra:
|
||||
generator: false
|
||||
analytics:
|
||||
provider: plausible
|
||||
property: privacyguides.org
|
||||
feedback:
|
||||
title: Was this page helpful?
|
||||
ratings:
|
||||
- icon: hero/emoji-happy
|
||||
name: This page was helpful
|
||||
data: Helpful
|
||||
note: Thanks for your feedback!
|
||||
- icon: hero/emoji-sad
|
||||
name: This page could be improved
|
||||
data: Needs Improvement
|
||||
note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/orgs/privacyguides/discussions" target=_blank>discusson on GitHub</a>.
|
||||
|
||||
theme:
|
||||
features:
|
||||
- navigation.tracking
|
||||
- navigation.tabs
|
||||
- navigation.sections
|
||||
- content.tooltips
|
||||
palette:
|
||||
- media: "(prefers-color-scheme)"
|
||||
toggle:
|
||||
icon: hero/sparkles
|
||||
name: Switch to light mode
|
||||
- media: "(prefers-color-scheme: dark)"
|
||||
scheme: slate
|
||||
accent: amber
|
||||
toggle:
|
||||
icon: hero/moon
|
||||
name: Switch to system theme
|
||||
- media: "(prefers-color-scheme: light)"
|
||||
scheme: default
|
||||
accent: deep purple
|
||||
toggle:
|
||||
icon: hero/sun
|
||||
name: Switch to dark mode
|
||||
|
||||
watch:
|
||||
- theme
|
||||
- includes
|
||||
- mkdocs.yml
|
||||
140
mkdocs.yml
140
mkdocs.yml
@ -11,21 +11,6 @@ copyright: |
|
||||
This content was made available by the Privacy Guides team and contributors. <a href="https://github.com/privacyguides/privacyguides">Get involved</a>!
|
||||
|
||||
extra:
|
||||
generator: false
|
||||
analytics:
|
||||
provider: plausible
|
||||
property: privacyguides.org
|
||||
feedback:
|
||||
title: Was this page helpful?
|
||||
ratings:
|
||||
- icon: hero/emoji-happy
|
||||
name: This page was helpful
|
||||
data: Helpful
|
||||
note: Thanks for your feedback!
|
||||
- icon: hero/emoji-sad
|
||||
name: This page could be improved
|
||||
data: Needs Improvement
|
||||
note: Thanks for your feedback! Help us improve this page by opening a <a href="https://github.com/orgs/privacyguides/discussions" target=_blank>discusson on GitHub</a>.
|
||||
social:
|
||||
- icon: pg/matrix
|
||||
link: https://matrix.to/#/#privacyguides:matrix.org
|
||||
@ -57,91 +42,74 @@ theme:
|
||||
- navigation.tracking
|
||||
- navigation.tabs
|
||||
- navigation.sections
|
||||
- content.tooltips
|
||||
palette:
|
||||
- media: "(prefers-color-scheme: light)"
|
||||
scheme: default
|
||||
- scheme: default
|
||||
accent: deep purple
|
||||
toggle:
|
||||
icon: hero/sun
|
||||
name: Switch to dark mode
|
||||
- media: "(prefers-color-scheme: dark)"
|
||||
scheme: slate
|
||||
- scheme: slate
|
||||
accent: amber
|
||||
toggle:
|
||||
icon: hero/moon
|
||||
name: Switch to light mode
|
||||
|
||||
watch:
|
||||
- theme
|
||||
- includes
|
||||
|
||||
plugins:
|
||||
- minify:
|
||||
minify_html: true
|
||||
htmlmin_opts:
|
||||
remove_comments: true
|
||||
- i18n:
|
||||
default_language: en
|
||||
material_alternate: true
|
||||
languages:
|
||||
en:
|
||||
name: English
|
||||
build: false
|
||||
- tags
|
||||
- search
|
||||
- git-revision-date-localized:
|
||||
exclude:
|
||||
- index.en.md
|
||||
- rss:
|
||||
match_path: "blog/.*"
|
||||
pretty_print: true
|
||||
date_from_meta:
|
||||
as_creation: "created"
|
||||
datetime_format: "%Y-%m-%d"
|
||||
- privacy:
|
||||
externals_exclude:
|
||||
- cdn.jsdelivr.net/npm/mathjax@3/*
|
||||
- api.privacyguides.net/*
|
||||
- giscus.app/*
|
||||
i18n:
|
||||
default_language: en
|
||||
material_alternate: true
|
||||
languages:
|
||||
en:
|
||||
name: English
|
||||
build: false
|
||||
tags: {}
|
||||
search: {}
|
||||
|
||||
markdown_extensions:
|
||||
admonition: {}
|
||||
pymdownx.details: {}
|
||||
pymdownx.superfences:
|
||||
custom_fences:
|
||||
- name: mermaid
|
||||
class: mermaid
|
||||
format: !!python/name:pymdownx.superfences.fence_code_format
|
||||
pymdownx.tabbed:
|
||||
alternate_style: true
|
||||
pymdownx.arithmatex:
|
||||
generic: true
|
||||
pymdownx.critic: {}
|
||||
pymdownx.caret: {}
|
||||
pymdownx.keys: {}
|
||||
pymdownx.mark: {}
|
||||
pymdownx.tilde: {}
|
||||
pymdownx.snippets:
|
||||
auto_append:
|
||||
- includes/abbreviations.en.md
|
||||
pymdownx.tasklist:
|
||||
custom_checkbox: true
|
||||
attr_list: {}
|
||||
def_list: {}
|
||||
md_in_html: {}
|
||||
meta: {}
|
||||
abbr: {}
|
||||
pymdownx.emoji:
|
||||
emoji_index: !!python/name:materialx.emoji.twemoji
|
||||
emoji_generator: !!python/name:materialx.emoji.to_svg
|
||||
options:
|
||||
custom_icons:
|
||||
- theme/.icons
|
||||
tables: {}
|
||||
footnotes: {}
|
||||
toc:
|
||||
permalink: true
|
||||
toc_depth: 4
|
||||
|
||||
extra_css:
|
||||
- assets/stylesheets/extra.css?v=2.10.0
|
||||
markdown_extensions:
|
||||
- admonition
|
||||
- pymdownx.details
|
||||
- pymdownx.superfences:
|
||||
custom_fences:
|
||||
- name: mermaid
|
||||
class: mermaid
|
||||
format: !!python/name:pymdownx.superfences.fence_code_format
|
||||
- pymdownx.tabbed:
|
||||
alternate_style: true
|
||||
- pymdownx.arithmatex:
|
||||
generic: true
|
||||
- pymdownx.critic
|
||||
- pymdownx.caret
|
||||
- pymdownx.keys
|
||||
- pymdownx.mark
|
||||
- pymdownx.tilde
|
||||
- pymdownx.snippets
|
||||
- pymdownx.tasklist:
|
||||
custom_checkbox: true
|
||||
- attr_list
|
||||
- def_list
|
||||
- md_in_html
|
||||
- meta
|
||||
- abbr
|
||||
- pymdownx.emoji:
|
||||
emoji_index: !!python/name:materialx.emoji.twemoji
|
||||
emoji_generator: !!python/name:materialx.emoji.to_svg
|
||||
options:
|
||||
custom_icons:
|
||||
- theme/.icons
|
||||
- tables
|
||||
- footnotes
|
||||
- toc:
|
||||
permalink: true
|
||||
toc_depth: 4
|
||||
|
||||
extra_javascript:
|
||||
- assets/javascripts/mathjax.js
|
||||
- assets/javascripts/feedback.js
|
||||
@ -168,10 +136,12 @@ nav:
|
||||
- 'Advanced':
|
||||
- 'advanced/integrating-metadata-removal.md'
|
||||
- 'advanced/erasing-data.md'
|
||||
- 'advanced/signal-configuration-hardening.md'
|
||||
- 'Recommendations':
|
||||
- 'tools.md'
|
||||
- 'Browsers':
|
||||
- 'browsers.md'
|
||||
- 'desktop-browsers.md'
|
||||
- 'mobile-browsers.md'
|
||||
- 'Operating Systems':
|
||||
- 'android.md'
|
||||
- 'linux-desktop.md'
|
||||
|
||||
@ -1,4 +1 @@
|
||||
<svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">
|
||||
<title>openbsd</title>
|
||||
<path d="M14.802 1.101l-0 0c0.406 0 0.949 1.916 1.135 2.619 0.747 0.066 1.485 0.2 2.208 0.401 0.407-0.701 1.337-2.218 1.707-2.119 0.416 0.111 0.423 2.343 0.418 2.94 0.555 0.283 1.048 0.583 1.595 0.954 0.599-0.592 1.822-1.737 2.144-1.552 0.409 0.236-0.31 2.786-0.384 3.042 0.38 0.394 0.718 0.795 1.080 1.272 0.755-0.426 2.136-1.15 2.389-0.897 0.351 0.351-1.132 2.883-1.132 2.883 0.467 0.884 0.895 2.306 1.071 3.846h0.69c0.304-1.445 0.336-3.98 2.265-3.993 1.262 0.010 2.234 2.543 1.968 4.175-1.745-3.7-2.628-0.96-2.619 1.33-0.009 2.29 0.879 5.021 2.619 1.33 0.27 1.658-0.695 4.11-1.968 4.174-1.635 0-1.643-1.472-2.167-3.555h-0.841c-0.174 1.041-0.605 2.306-1.070 3.407 0 0 1.535 2.532 1.184 2.883-0.253 0.253-1.634-0.471-2.389-0.897-0.331 0.448-0.692 0.873-1.081 1.272 0.073 0.256 0.792 2.806 0.384 3.042-0.321 0.186-1.545-0.96-2.144-1.552-0.507 0.358-1.040 0.677-1.595 0.954 0.005 0.597-0.002 2.829-0.418 2.94-0.37 0.099-1.3-1.418-1.707-2.119-0.722 0.2-1.461 0.334-2.208 0.401-0.186 0.703-0.73 2.619-1.135 2.619-0.404 0-0.946-1.904-1.134-2.613-0.668-0.064-1.449-0.221-2.209-0.407-0.407 0.701-1.337 2.218-1.707 2.119-0.416-0.111-0.423-2.343-0.418-2.94-0.544-0.288-1.057-0.589-1.595-0.954-0.599 0.592-1.822 1.738-2.144 1.552-0.409-0.236 0.31-2.786 0.384-3.042-0.376-0.392-0.721-0.807-1.080-1.272-0.754 0.426-2.136 1.15-2.389 0.897-0.351-0.351 1.184-2.883 1.184-2.883-0.36-0.804-0.704-1.88-0.978-2.892l-0.9 0.519c-0.573 0.331-1.301 0.136-1.632-0.437s-0.136-1.301 0.437-1.632l1.705-0.985-1.729-0.998c-0.573-0.331-0.768-1.059-0.437-1.632 0.217-0.376 0.605-0.589 1.008-0.598 0.545-0.006 1.081 0.456 1.575 0.71 0.202-0.883 0.567-1.846 0.949-2.771 0 0-1.535-2.531-1.184-2.883 0.253-0.253 1.634 0.471 2.389 0.897 0.323-0.396 0.672-0.854 1.080-1.272-0.073-0.256-0.792-2.806-0.384-3.042 0.321-0.186 1.545 0.96 2.144 1.552 0.477-0.304 1.017-0.654 1.595-0.954-0.005-0.597 0.002-2.829 0.418-2.94 0.37-0.099 1.3 1.418 1.707 2.119 0.609-0.159 1.451-0.303 2.209-0.407 0.188-0.709 0.729-2.613 1.134-2.613zM20.707 9.971h-0c-0.593 0.016-2.325 1.066-2.325 1.066l1.465 1.466s1.324-2.184 1.021-2.487c-0.033-0.033-0.089-0.047-0.162-0.045zM7.21 11.739h-0c-0.253 0.388-0.389 0.841-0.39 1.304 0 1.32 1.070 2.389 2.389 2.389s2.389-1.070 2.389-2.389c-0-0.463-0.135-0.916-0.388-1.304h-4.001zM20.491 15.12v2.073s2.481-0.608 2.481-1.036c0-0.429-2.481-1.036-2.481-1.036v0zM19.097 19.499l-1.466 1.465s2.184 1.324 2.487 1.021c0.303-0.303-1.021-2.487-1.021-2.487zM8.5 12.475c0.399 0 0.723 0.324 0.723 0.723s-0.324 0.723-0.723 0.723c-0.399 0-0.723-0.324-0.723-0.723s0.324-0.723 0.723-0.723v0z" />
|
||||
</svg>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" version="1.1" viewBox="0 0 32 32"><title>openbsd</title><path d="M14.802 1.101l-0 0c0.406 0 0.949 1.916 1.135 2.619 0.747 0.066 1.485 0.2 2.208 0.401 0.407-0.701 1.337-2.218 1.707-2.119 0.416 0.111 0.423 2.343 0.418 2.94 0.555 0.283 1.048 0.583 1.595 0.954 0.599-0.592 1.822-1.737 2.144-1.552 0.409 0.236-0.31 2.786-0.384 3.042 0.38 0.394 0.718 0.795 1.080 1.272 0.755-0.426 2.136-1.15 2.389-0.897 0.351 0.351-1.132 2.883-1.132 2.883 0.467 0.884 0.895 2.306 1.071 3.846h0.69c0.304-1.445 0.336-3.98 2.265-3.993 1.262 0.010 2.234 2.543 1.968 4.175-1.745-3.7-2.628-0.96-2.619 1.33-0.009 2.29 0.879 5.021 2.619 1.33 0.27 1.658-0.695 4.11-1.968 4.174-1.635 0-1.643-1.472-2.167-3.555h-0.841c-0.174 1.041-0.605 2.306-1.070 3.407 0 0 1.535 2.532 1.184 2.883-0.253 0.253-1.634-0.471-2.389-0.897-0.331 0.448-0.692 0.873-1.081 1.272 0.073 0.256 0.792 2.806 0.384 3.042-0.321 0.186-1.545-0.96-2.144-1.552-0.507 0.358-1.040 0.677-1.595 0.954 0.005 0.597-0.002 2.829-0.418 2.94-0.37 0.099-1.3-1.418-1.707-2.119-0.722 0.2-1.461 0.334-2.208 0.401-0.186 0.703-0.73 2.619-1.135 2.619-0.404 0-0.946-1.904-1.134-2.613-0.668-0.064-1.449-0.221-2.209-0.407-0.407 0.701-1.337 2.218-1.707 2.119-0.416-0.111-0.423-2.343-0.418-2.94-0.544-0.288-1.057-0.589-1.595-0.954-0.599 0.592-1.822 1.738-2.144 1.552-0.409-0.236 0.31-2.786 0.384-3.042-0.376-0.392-0.721-0.807-1.080-1.272-0.754 0.426-2.136 1.15-2.389 0.897-0.351-0.351 1.184-2.883 1.184-2.883-0.36-0.804-0.704-1.88-0.978-2.892l-0.9 0.519c-0.573 0.331-1.301 0.136-1.632-0.437s-0.136-1.301 0.437-1.632l1.705-0.985-1.729-0.998c-0.573-0.331-0.768-1.059-0.437-1.632 0.217-0.376 0.605-0.589 1.008-0.598 0.545-0.006 1.081 0.456 1.575 0.71 0.202-0.883 0.567-1.846 0.949-2.771 0 0-1.535-2.531-1.184-2.883 0.253-0.253 1.634 0.471 2.389 0.897 0.323-0.396 0.672-0.854 1.080-1.272-0.073-0.256-0.792-2.806-0.384-3.042 0.321-0.186 1.545 0.96 2.144 1.552 0.477-0.304 1.017-0.654 1.595-0.954-0.005-0.597 0.002-2.829 0.418-2.94 0.37-0.099 1.3 1.418 1.707 2.119 0.609-0.159 1.451-0.303 2.209-0.407 0.188-0.709 0.729-2.613 1.134-2.613zM20.707 9.971h-0c-0.593 0.016-2.325 1.066-2.325 1.066l1.465 1.466s1.324-2.184 1.021-2.487c-0.033-0.033-0.089-0.047-0.162-0.045zM7.21 11.739h-0c-0.253 0.388-0.389 0.841-0.39 1.304 0 1.32 1.070 2.389 2.389 2.389s2.389-1.070 2.389-2.389c-0-0.463-0.135-0.916-0.388-1.304h-4.001zM20.491 15.12v2.073s2.481-0.608 2.481-1.036c0-0.429-2.481-1.036-2.481-1.036v0zM19.097 19.499l-1.466 1.465s2.184 1.324 2.487 1.021c0.303-0.303-1.021-2.487-1.021-2.487zM8.5 12.475c0.399 0 0.723 0.324 0.723 0.723s-0.324 0.723-0.723 0.723c-0.399 0-0.723-0.324-0.723-0.723s0.324-0.723 0.723-0.723v0z"/></svg>
|
||||
|
Before Width: | Height: | Size: 2.6 KiB After Width: | Height: | Size: 2.6 KiB |
@ -10,7 +10,7 @@
|
||||
{% endblock %}
|
||||
{% block tabs %}
|
||||
{{ super() }}
|
||||
<style>.md-content > .md-typeset h1{visibility:hidden;font-size:0;}</style>
|
||||
<style>.md-content > .md-typeset h1{visibility:hidden;font-size:0;}.md-button{margin-top:.5rem;}</style>
|
||||
<section class="mdx-container">
|
||||
<div class="md-grid md-typeset">
|
||||
<div class="mdx-hero">
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
<img src="/assets/rainbow-brand/privacy-guides-logo-notext.svg#only-light" alt="logo">
|
||||
<img src="/assets/rainbow-brand/privacy-guides-logo-notext-darkbg.svg#only-dark" alt="logo">
|
||||
<img src="/assets/brand/SVG/Logo/privacy-guides-logo-notext.svg#only-light" alt="logo">
|
||||
<img src="/assets/brand/SVG/Logo/privacy-guides-logo-notext-darkbg.svg#only-dark" alt="logo">
|
||||
|
||||
Reference in New Issue
Block a user