mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-04 10:32:41 +00:00
Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ca24eb6ba5 | |||
| b88beee846 | |||
| 33dc6b1211 | |||
| 313696132a | |||
| 480e7d5978 | |||
| 945744e5e9 | |||
| fb8c62fc9c | |||
| c8bd1533d8 | |||
| ba59882e94 | |||
| 07a4a3009d | |||
| 8591a1afc1 | |||
| 0be5f75da0 | |||
| 82a251ba35 | |||
| 1dbbabd570 | |||
| ac8b551d4a | |||
| e1e18378ed | |||
| 35ec0bf432 |
@ -6,12 +6,11 @@ icon: 'fontawesome/brands/android'
|
||||
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. We also have additional Android-related information:
|
||||
|
||||
- [General Android Overview and Recommendations :material-arrow-right:](android/overview.md)
|
||||
- [Android Security and Privacy Features :material-arrow-right:](android/security.md)
|
||||
- [GrapheneOS vs CalyxOS Comparison :material-arrow-right:](android/grapheneos-vs-calyxos.md)
|
||||
|
||||
## AOSP Derivatives
|
||||
|
||||
Generally speaking we recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. If you are unable to run any of the following operating systems on your device, you are likely going to be best off sticking with your stock Android installation (as opposed to an operating system not listed here such as LineageOS), but we would recommend upgrading to a new device if at all possible.
|
||||
We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
|
||||
|
||||
!!! note
|
||||
|
||||
@ -30,9 +29,9 @@ Generally speaking we recommend installing one of these custom Android operating
|
||||
|
||||
[Visit grapheneos.org](https://grapheneos.org/){ .md-button .md-button--primary } [Privacy Policy](https://grapheneos.org/faq#privacy-policy){ .md-button }
|
||||
|
||||
Notably, GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play). Google Play Services can be run fully sandboxed like a regular user app and contained in a work profile or user [profile](#android-security-privacy) of your choice. This means that you can run apps dependant on Play Services, such as those that require push notifications using Google's [Firebase Cloud Messaging](https://firebase.google.com/docs/cloud-messaging/) service. GrapheneOS allows you to take advantage of most [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) whilst having full user control over their permissions and access.
|
||||
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like a regular user app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while having full user control over their permissions and access, and while containing them to a specific work profile or user [profile](android/overview.md#user-profiles) of your choice.
|
||||
|
||||
Currently, only [Pixel phones](https://grapheneos.org/faq#device-support) meet its hardware security requirement and are supported.
|
||||
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
|
||||
|
||||
### CalyxOS
|
||||
|
||||
@ -44,9 +43,9 @@ Currently, only [Pixel phones](https://grapheneos.org/faq#device-support) meet i
|
||||
|
||||
[Visit calyxos.org](https://calyxos.org/){ .md-button .md-button--primary } [Privacy Policy](https://calyxinstitute.org/legal/privacy-policy){ .md-button }
|
||||
|
||||
To accomodate users who need Google Play Services, CalyxOS optionally includes [MicroG](https://microg.org/). With MicroG, CalyxOS also bundles in the [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu) location services.
|
||||
To accomodate users who need Google Play Services, CalyxOS optionally includes [microG](https://microg.org/). CalyxOS also includes alternate location services, [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu).
|
||||
|
||||
Currently, CalyxOS only supports [Pixel phones](https://calyxos.org/docs/guide/device-support/).
|
||||
CalyxOS only [supports](https://calyxos.org/docs/guide/device-support/) Google Pixel phones. However, support for the OnePlus 8T/9 and Fairphone 4 is [currently in beta](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/).
|
||||
|
||||
### DivestOS
|
||||
|
||||
@ -54,7 +53,7 @@ Currently, CalyxOS only supports [Pixel phones](https://calyxos.org/docs/guide/d
|
||||
|
||||
{ align=right }
|
||||
|
||||
**DivestOS** is a [soft-fork](https://en.wikipedia.org/wiki/Fork_(software_development)#Forking_of_free_and_open-source_software) of [LineageOS](https://lineageos.org/).
|
||||
**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org/).
|
||||
DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
|
||||
|
||||
[Visit divestos.org](https://divestos.org){ .md-button .md-button--primary } [Privacy Policy](https://divestos.org/index.php?page=privacy_policy){ .md-button }
|
||||
@ -63,11 +62,11 @@ DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki
|
||||
|
||||
DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
|
||||
|
||||
DivestOS 16.0, 17.1, and 18.1 implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and 18.1 feature GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, and [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). All branches additionally have various miscellaneous patches courtesy of GrapheneOS.
|
||||
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0, 17.1, and 18.1 implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and 18.1 feature GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, and [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
|
||||
|
||||
!!! attention
|
||||
|
||||
DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) varies across the devices it supports. For Pixel phones, we still recommend using GrapheneOS or CalyxOS. For other supported devices, DivestOS is a good alternative.
|
||||
DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS or CalyxOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
|
||||
|
||||
Not all of the supported devices have verified boot, and some perform it better than others.
|
||||
|
||||
@ -95,34 +94,32 @@ A few more tips regarding Android devices and operating system compatibility:
|
||||
|
||||
[Visit store.google.com](https://store.google.com/category/phones){ .md-button .md-button--primary }
|
||||
|
||||
Unless you know you have a specific need for [CalyxOS/microG features](https://calyxos.org/features/) that are unavailable on GrapheneOS, we strongly recommend GrapheneOS over other operating system choices on Pixel devices.
|
||||
|
||||
[More about GrapheneOS vs CalyxOS](android/grapheneos-vs-calyxos.md){ .md-button }
|
||||
Unless you have a need for specific [CalyxOS features](https://calyxos.org/features/) that are unavailable on GrapheneOS, we strongly recommend GrapheneOS over other operating system choices on Pixel devices.
|
||||
|
||||
The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company.
|
||||
|
||||
A few more tips for purchasing a Google Pixel:
|
||||
|
||||
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
|
||||
- Consider price beating options and specials offered at [brick and mortar](https://en.wikipedia.org/wiki/Brick_and_mortar) stores.
|
||||
- Consider price beating options and specials offered at brick and mortar stores.
|
||||
- Look at online community bargain sites in your country. These can alert you to good sales.
|
||||
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EoL Date }-\text{ Current Date}$, meaning that the longer use of the device the lower cost per day.
|
||||
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date }-\text{ Current Date}$, meaning that the longer use of the device the lower cost per day.
|
||||
|
||||
### Other Devices
|
||||
|
||||
!!! important
|
||||
|
||||
Google Pixel phones are the only devices which are fully supported by all of our recommended Android distributions. Additionally, Pixel devices have stronger hardware security than any other Android device currently on the market, due to Google's custom Titan security chips acting as the Secure Element for secrets storage and rate limiting. Secure Elements are more limited and have a smaller attack surface than the Trusted Execution Environment used by most other phones, which is also used to run "trusted" programs. Phones without a Secure Element have to use the TEE for secrets storage, rate limiting, *and* trusted computing."
|
||||
Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
|
||||
|
||||
If you are unable to purchase a Pixel device, any device which is supported by CalyxOS should be reasonably secure and private enough for most users after installing CalyxOS.
|
||||
Secure Elements are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation and rate limiting but not running "trusted" programs. Phones without a Secure Element have to use the TEE for secrets storage, rate limiting, *and* trusted computing, which results in a larger attack surface.
|
||||
|
||||
In any case, when purchasing a device we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
|
||||
The following OEMs are only mentioned as they have phones compatible with the operating systems recommended by us. If you are purchasing a new device, we only recommend purchasing a Google Pixel.
|
||||
|
||||
We do not recommend the following devices over a Google Pixel device, but we do have some notes on devices from other manufacturers:
|
||||
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
|
||||
|
||||
#### OnePlus
|
||||
|
||||
If you are unable to obtain a Google Pixel, recent OnePlus devices provide a good balance of security with custom operating systems and longevity, with OnePlus 8 and later devices receiving 4 years of security updates. CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **OnePlus 8T** and **9**.
|
||||
If you are unable to obtain a Google Pixel, recent OnePlus devices are the next best option if you want to run a custom OS without privileged Play Services. OnePlus 8 and later devices will receive 4 years of security updates from their initial launch date. CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **OnePlus 8T** and **9**.
|
||||
|
||||
DivestOS has support for most OnePlus devices up to the **OnePlus 7T Pro**, with varying levels of support.
|
||||
|
||||
@ -130,13 +127,13 @@ DivestOS has support for most OnePlus devices up to the **OnePlus 7T Pro**, with
|
||||
|
||||
!!! danger
|
||||
|
||||
The Fairphone by default is not secure as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11), meaning any system can be installed and the phone will trust it as if it is the stock system. This essentially breaks verified boot on a stock Fairphone device.
|
||||
The Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
|
||||
|
||||
This problem is solved when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system's. To reiterate, **you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.**
|
||||
This problem is somewhat mitigated when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system keys, however a vulnerability in CalyxOS or DivestOS's recovery environments could still potentially allow an attacker to bypass AVB. **To reiterate, you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.**
|
||||
|
||||
CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **Fairphone 4**. DivestOS has builds available for the **Fairphone 3**.
|
||||
|
||||
While Fairphone markets their devices as receiving 6 years of support, the SOC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably sooner EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
|
||||
Fairphone markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
|
||||
|
||||
## General Apps
|
||||
|
||||
@ -150,17 +147,18 @@ While Fairphone markets their devices as receiving 6 years of support, the SOC (
|
||||
|
||||
[Visit orbot.app](https://orbot.app/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
|
||||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/guardianproject/orbot)
|
||||
- [:fontawesome-brands-gitlab: GitLab](https://gitlab.com/guardianproject/orbot)
|
||||
??? downloads
|
||||
|
||||
Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch (⚙️ Settings → Network & internet → VPN → ⚙️ → Block connections without VPN).
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
|
||||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/guardianproject/orbot)
|
||||
- [:fontawesome-brands-gitlab: GitLab](https://gitlab.com/guardianproject/orbot)
|
||||
|
||||
For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* ( ⁝ →Settings → Connectivity). This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to.
|
||||
Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
|
||||
|
||||
!!! attention
|
||||
For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings** → **Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to.
|
||||
|
||||
!!! tip
|
||||
|
||||
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot) instead.
|
||||
|
||||
@ -178,11 +176,12 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
|
||||
|
||||
[Visit gitea.angry.im](https://gitea.angry.im/PeterCxy/Shelter){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads:**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.typeblog.shelter)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/PeterCxy/Shelter)
|
||||
- [:fontawesome-brands-git-alt: Source](https://gitea.angry.im/PeterCxy/Shelter)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.typeblog.shelter)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/PeterCxy/Shelter)
|
||||
- [:fontawesome-brands-git-alt: Source](https://gitea.angry.im/PeterCxy/Shelter)
|
||||
|
||||
!!! attention
|
||||
|
||||
@ -203,9 +202,10 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
|
||||
|
||||
[Visit attestation.app](https://attestation.app){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads:**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Auditor)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Auditor)
|
||||
|
||||
Auditor performs attestation and intrusion detection by:
|
||||
|
||||
@ -231,9 +231,10 @@ To make sure that your hardware and operating system is genuine, [perform local
|
||||
|
||||
[Visit github.com](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads:**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
|
||||
|
||||
Main privacy features include:
|
||||
|
||||
@ -260,9 +261,10 @@ Main privacy features include:
|
||||
|
||||
[Visit github.com](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads:**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
|
||||
|
||||
### PrivacyBlur
|
||||
|
||||
@ -274,10 +276,11 @@ Main privacy features include:
|
||||
|
||||
[Visit privacyblur.app](https://privacyblur.app/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads:**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/MATHEMA-GmbH/privacyblur)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/MATHEMA-GmbH/privacyblur)
|
||||
|
||||
!!! warning
|
||||
|
||||
@ -295,7 +298,9 @@ The Google Play Store requires a Google account to login which is not great for
|
||||
|
||||
### F-Droid
|
||||
|
||||
F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third party repositories and not be confined to Google's [walled garden](https://en.wikipedia.org/wiki/Closed_platform) has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications, and is dedicated to free and open source software. However, there are problems with the official F-Droid client, their quality control, and how they build, sign and deliver packages, outlined in this [post](https://wonderfall.dev/fdroid-issues/).
|
||||
F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications, and is dedicated to free and open source software. However, there are problems with the official F-Droid client, their quality control, and how they build, sign and deliver packages, outlined in this [post](https://wonderfall.dev/fdroid-issues/).
|
||||
|
||||
*[walled garden]: A walled garden (or closed platform) is one in which the service provider has control over applications, content, and/or media, and restricts convenient access to non-approved applicants or content.
|
||||
|
||||
Sometimes the official F-Droid repository may fall behind on updates. F-Droid maintainers reuse package IDs while signing apps with their own keys, which is not ideal as it does give the F-Droid team ultimate trust. The Google Play version of some apps may contain unwanted telemetry or lack features that are available in the F-Droid version.
|
||||
|
||||
@ -321,8 +326,9 @@ To mitigate these problems, we recommend [Droid-ify](https://github.com/Iamlooke
|
||||
|
||||
Unlike the official F-Droid client, Droid-ify supports seamless updates on Android 12 and above without the need for a privileged extension. If your Android distribution is on Android 12 or above and does not include the [F-Droid privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged/), it is highly recommended that you use Droid-ify instead of the official client.
|
||||
|
||||
**Downloads:**
|
||||
- [:fontawesome-brands-android: APK Download](https://android.izzysoft.de/repo/apk/com.looker.droidify)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/Iamlooker/Droid-ify)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-android: APK Download](https://android.izzysoft.de/repo/apk/com.looker.droidify)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/Iamlooker/Droid-ify)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -6,17 +6,25 @@ icon: 'material/cellphone-cog'
|
||||
|
||||
CalyxOS includes a device controller app so there is no need to install a third party app like Shelter.
|
||||
|
||||
GrapheneOS extends the user profile feature allowing a user to press an "End Session" button. This button clears the encryption key from memory. There are plans to add a [cross profile notifications system](https://github.com/GrapheneOS/os-issue-tracker/issues/88) in the future. GrapheneOS plans to introduce nested profile support with better isolation in the future.
|
||||
GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. There are plans to add a [cross profile notifications system](https://github.com/GrapheneOS/os-issue-tracker/issues/88) in the future. GrapheneOS plans to introduce nested profile support with better isolation in the future.
|
||||
|
||||
## Sandboxed Google Play vs Privileged MicroG
|
||||
## Sandboxed Google Play vs Privileged microG
|
||||
|
||||
When Google Play services are used on GrapheneOS, they run as a user app and are contained within a user or work profile.
|
||||
|
||||
Sandboxed Google Play is confined using the highly restrictive, default [`untrusted_app`](https://source.android.com/security/selinux/concepts) domain provided by [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux). Permissions for apps to use Google Play Services can be revoked at any time by the user.
|
||||
|
||||
MicroG is a reimplementation of Google Play Services. This means it needs to be updated every time Android has a major version update (or the Android API changes). It also needs to run in the highly privileged [`system_app`](https://source.android.com/security/selinux/concepts) SELinux domain like normal Google Play Services and requires access to [signature spoofing](https://madaidans-insecurities.github.io/android.html#microg-signature-spoofing) so this is less secure than the Sandboxed Google Play approach. We do not believe MicroG provides any privacy advantages over Sandboxed Google Play except for the option to *shift trust* of the location backend from Google to another provider such as Mozilla or DejaVu.
|
||||
microG is an open-source re-implementation of Google Play Services. This means it needs to be updated every time Android has a major version update (or the Android API changes). It also needs to run in the highly privileged [`system_app`](https://source.android.com/security/selinux/concepts) SELinux domain like regular Google Play Services, and it requires an operating system that allows [signature spoofing](https://github.com/microg/GmsCore/wiki/Signature-Spoofing), which allows system apps to insecurely masquerade as other apps. This is less secure than Sandboxed Google Play's approach, which does not need access to sensitive system APIs.
|
||||
|
||||
From a usability point of view, Sandboxed Google Play also works well with far more applications than MicroG, thanks to its support for services like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html).
|
||||
When using Sandboxed Play Services, you have the option to reroute location requests to the Play Services API back to the OS location API which uses satellite based location services. With microG, you have the option to either not use a network location backend at all, *shift trust* to another location backend like Mozilla, or use [DejaVu](https://github.com/n76/DejaVu), a location backend that locally collects and saves RF-based location data to an offline database which can be used when GPS is not available.
|
||||
|
||||
Network location providers like Play Services or Mozilla rely the on the MAC addresses of surrounding WiFi access points and Bluetooth devices being submitted for location approximation. Choosing a network location like Mozilla to use with microG provides little to no privacy benefit over Google because you are still submitting the same data and trusting them to not profile you.
|
||||
|
||||
Local RF location backends like DejaVu require that the phone has a working GPS first for the local RF data collected to be useful. This makes them ineffective as location providers, as the job of a location provider is to assist location approximation when satellite based services are not working.
|
||||
|
||||
If your threat model requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Play Services.
|
||||
|
||||
In terms of application compatibility, Sandboxed Google Play outperforms microG due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Authentication using [FIDO](security/multi-factor-authentication#fido-fast-identity-online) with online services on Android also relies on Play Services, and the feature is not yet implemented in microG.
|
||||
|
||||
## Privileged App Extensions
|
||||
|
||||
|
||||
@ -2,13 +2,21 @@
|
||||
title: Android Overview
|
||||
icon: material/cellphone-check
|
||||
---
|
||||
Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system.
|
||||
Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system.
|
||||
|
||||
The main privacy concern with most Android devices is that they usually include [Google Play Services](https://developers.google.com/android/guides/overview). This component is proprietary (closed source), has a privileged role on your phone, and may collect private user information. It is neither a part of the [AOSP](https://source.android.com/) nor is it included with the below derivatives.
|
||||
## Choosing an Android Distribution
|
||||
|
||||
## Avoid Root
|
||||
When you buy an Android phone, the device's default operating system often comes with invasive integration with apps and services that are not part of the [Android Open Source Project](https://source.android.com/). An example of such is Google Play Services, which has unrevokable privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, hardware identifiers, and so on. These apps and services increase the attack surface of your device and are the source of various privacy concerns with Android.
|
||||
|
||||
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) policy bypasses.
|
||||
This problem could be solved by using a custom Android distribution that does not come with such invasive integration. Unfortunately, many custom Android distributions often violate the Android security model by not supporting critical security features such as AVB, rollback protection, firmware updates, and so on. Some distributions also ship [`userdebug`](https://source.android.com/setup/build/building#choose-a-target) builds which expose root via [ADB](https://developer.android.com/studio/command-line/adb) and require [more permissive](https://github.com/LineageOS/android_system_sepolicy/search?q=userdebug&type=code) SELinux policies to accomodate debugging features, resulting in a further increased attack surface and weakened security model.
|
||||
|
||||
Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
|
||||
|
||||
[Our Android System Recommendations :material-arrow-right:](../android.md){ .md-button }
|
||||
|
||||
## Avoid Rooting
|
||||
|
||||
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses.
|
||||
|
||||
Adblockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted [DNS](../dns.md) or [VPN](../vpn.md) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server.
|
||||
|
||||
@ -16,13 +24,23 @@ AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Fire
|
||||
|
||||
We do not believe that the security sacrifices made by rooting a phone are worth the questionable privacy benefits of those apps.
|
||||
|
||||
## Verified Boot
|
||||
|
||||
[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. It provides protection against [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, malware persistence, and ensures security updates cannot be downgraded with [rollback protection](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection).
|
||||
|
||||
Android 10 and above has moved away from full-disk encryption to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based). Each user's data is encrypted using their own unique encryption key, and the operating system files are left unencrypted.
|
||||
|
||||
Verified Boot ensures the integrity of the operating system files, thereby preventing an adversary with physical access from tampering or installing malware on the device. In the unlikely case that malware is able to exploit other parts of the system and gain higher privileged access, Verified Boot will prevent and revert changes to the system partition upon rebooting device.
|
||||
|
||||
Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
|
||||
|
||||
## Firmware Updates
|
||||
|
||||
Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
|
||||
|
||||
As the components of the phone such as the processor and radio technologies rely on closed source components, the updates must be provided by the respective manufacturers. Therefore it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) support their devices for 4 years while cheaper products often have shorter support. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own system on chip (SoC) and they will provide 5 years of support.
|
||||
As the components of the phone such as the processor and radio technologies rely on closed source components, the updates must be provided by the respective manufacturers. Therefore it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) support their devices for 4 years, while cheaper products often have shorter support cycles. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC and they will provide a minimum of 5 years of support.
|
||||
|
||||
Devices that have reached their end-of-life (EoL) and are no longer supported by the SoC manufacturer, cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
|
||||
EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
|
||||
|
||||
## Android Versions
|
||||
|
||||
@ -34,13 +52,39 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi
|
||||
|
||||
Should you want to run an app that you're unsure about, consider using a user or work [profile](android/#android-security-privacy).
|
||||
|
||||
## Advanced Protection Program
|
||||
## User Profiles
|
||||
|
||||
If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [FIDO](/security/multi-factor-authentication.md#fido-fast-identity-online) support.
|
||||
Multiple user profiles can be found in **Settings** → **System** → **Multiple users** and are the simplest way to isolate in Android. With user profiles you can limit a user from making calls, SMS or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles is a more secure method of isolation.
|
||||
|
||||
## Work Profile
|
||||
|
||||
[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
|
||||
|
||||
A **device controller** such as [Shelter](#recommended-apps) is required, unless you're using CalyxOS which includes one.
|
||||
|
||||
The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. The user must also fully trust the device controller app, as it has full access to the data inside of the work profile.
|
||||
|
||||
This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously.
|
||||
|
||||
## VPN Killswitch
|
||||
|
||||
Android 7 and above supports a VPN killswitch and it is available without the need to install third party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in (:gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**).
|
||||
|
||||
## Global Toggles
|
||||
|
||||
Modern Android devices have global toggles for disabling Bluetooth and location services. Android 12 introduced toggles for the camera and microphone. When not in use, we recommend disabling these features. Apps cannot use disabled features (even if granted individual permission) until re-enabled.
|
||||
|
||||
## Google
|
||||
|
||||
If you are using a device with Google services, either your stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS, there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
|
||||
|
||||
### Advanced Protection Program
|
||||
|
||||
If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../security/multi-factor-authentication.md#fido-fast-identity-online) support.
|
||||
|
||||
The Advanced Protection Program provides enhanced threat monitoring and enables:
|
||||
|
||||
- Stricter two factor authentication; e.g. that [FIDO](/security/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of SMS OTPs, TOTP, and [OAuth](https://en.wikipedia.org/wiki/OAuth)
|
||||
- Stricter two factor authentication; e.g. that [FIDO](/security/multi-factor-authentication/#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](/security/multi-factor-authentication/#sms-or-email-mfa), [TOTP](/security/multi-factor-authentication.md#time-based-one-time-password-totp), and [OAuth](https://en.wikipedia.org/wiki/OAuth)
|
||||
- Only Google and verified third party apps can access account data
|
||||
- Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts
|
||||
- Stricter [safe browser scanning](https://www.google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome
|
||||
@ -52,23 +96,29 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
|
||||
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
|
||||
- Warning the user about unverified applications
|
||||
|
||||
## SafetyNet and Play Integrity API
|
||||
### Google Play System Updates
|
||||
|
||||
In the past, Android security updates had to be shipped by the operating system vendor. Android has become more modular beginning with Android 10, and Google can push security updates for **some** system components via the privileged Play Services.
|
||||
|
||||
If you have an EOL device shipped with Android 10 or above and are unable to run any of our recommended operating systems on your device, you are likely going to be better off sticking with your OEM Android installation (as opposed to an operating system not listed here such as LineageOS or /e/ OS). This will allow you to receive **some** security fixes from Google, while not violating the Android security model by using an insecure Android derivative and increasing your attack surface. We would still recommend upgrading to a supported device as soon as possible.
|
||||
|
||||
### Advertising ID
|
||||
|
||||
All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) used for targeted advertising. Disable this feature to limit the data collected about you.
|
||||
|
||||
On Android distributions with [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to :gear: **Settings** → **Apps** → **Sandboxed Google Play** → **Google Settings** → **Ads**, and select *Delete advertising ID*.
|
||||
|
||||
On Android distributions with privileged Google Play Services (such as stock OSes), the setting may be in one of several locations. Check
|
||||
|
||||
- :gear: **Settings** → **Google** → **Ads**
|
||||
- :gear: **Settings** → **Privacy** → **Ads**
|
||||
|
||||
You will either be given the option to delete your advertising ID or to *Opt out of interest-based ads*, this varies between OEM distributions of Android. If presented with the option to delete the advertising ID that is preferred. If not, then make sure to opt out and reset your advertising ID.
|
||||
|
||||
### SafetyNet and Play Integrity API
|
||||
|
||||
[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financal apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
|
||||
|
||||
As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services.
|
||||
|
||||
## Advertising ID
|
||||
|
||||
All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) used for targeted advertising. Disable this feature to limit the data collected about you.
|
||||
|
||||
On Android distributions with [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to ⚙️ Settings → Apps → Sandboxed Google Play → Google Settings → Ads and select **Delete advertising ID**.
|
||||
|
||||
On Android distributions with privileged Google Play Services (such as stock OSes), the setting may be in one of several locations. Check
|
||||
|
||||
- ⚙️ Settings → Google → Ads
|
||||
- ⚙️ Settings → Privacy → Ads
|
||||
|
||||
Depending on your system, you will either be given the option to delete your advertising ID or to "Opt out of interest-based ads". You should delete the advertising ID if you are given the option to, and if you are not, we recommend that you opt out of interested-based ads and then reset your advertising ID.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -1,38 +0,0 @@
|
||||
---
|
||||
title: "Android Security and Privacy Features"
|
||||
icon: 'material/cellphone-lock'
|
||||
---
|
||||
|
||||
## User Profiles
|
||||
|
||||
Multiple user profiles (Settings → System → Multiple users) are the simplest way to isolate in Android. With user profiles you can limit a user from making calls, SMS or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles is a more secure method of isolation.
|
||||
|
||||
## Work Profile
|
||||
|
||||
[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
|
||||
|
||||
A **device controller** such as [Shelter](#recommended-apps) is required, unless you're using CalyxOS which includes one.
|
||||
|
||||
The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. The user must also fully trust the device controller app, as it has full access to the data inside of the work profile.
|
||||
|
||||
This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously.
|
||||
|
||||
## Verified Boot
|
||||
|
||||
[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. It provides protection against [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, malware persistence, and ensures security updates cannot be downgraded with [rollback protection](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection).
|
||||
|
||||
Android 10 and above has moved away from full-disk encryption to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based).
|
||||
|
||||
Each user's data is encrypted using their own unique encryption key, and the operating system files are left unencrypted. Verified Boot ensures the integrity of the operating system files preventing an adversary with physical access from tampering or installing malware on the device. In the unlikely case that malware is able to exploit other parts of the system and gain higher privileged access, Verified Boot will prevent and revert changes to the system partition upon reboot of the device.
|
||||
|
||||
Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
|
||||
|
||||
## VPN Killswitch
|
||||
|
||||
Android 7 and above supports a VPN killswitch and it is available without the need to install third party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in ⚙️ Settings → Network & internet → VPN → ⚙️ → Block connections without VPN.
|
||||
|
||||
## Global Toggles
|
||||
|
||||
Modern Android devices have global toggles for disabling Bluetooth and location services. Android 12 introduced toggles for the camera and microphone. When not in use, we recommend disabling these features. Apps cannot use disabled features (even if granted individual permission) until re-enabled.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
@ -8,8 +8,6 @@ These are our current web browser recommendations and settings. We recommend kee
|
||||
|
||||
### Tor Browser
|
||||
|
||||
!!! anonyimity "This product provides anonymity"
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
@ -18,14 +16,15 @@ These are our current web browser recommendations and settings. We recommend kee
|
||||
|
||||
[Visit torproject.org](https://www.torproject.org){ .md-button .md-button--primary } [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .md-button } [Privacy Policy](https://support.torproject.org/tbb/tbb-3/){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
|
||||
- [:fontawesome-brands-git: Source](https://trac.torproject.org/projects/tor)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
|
||||
- [:fontawesome-brands-git: Source](https://trac.torproject.org/projects/tor)
|
||||
|
||||
!!! warning
|
||||
You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Browser extensions make you stand out from other Tor users and your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
|
||||
@ -42,56 +41,48 @@ These are our current web browser recommendations and settings. We recommend kee
|
||||
|
||||
[Visit firefox.com](https://firefox.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mozilla.org/privacy/firefox){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.mozilla.org/firefox/windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.mozilla.org/firefox/mac)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.mozilla.org/firefox/linux)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.firefox)
|
||||
- [:fontawesome-brands-git: Source](https://hg.mozilla.org/mozilla-central)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.mozilla.org/firefox/windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.mozilla.org/firefox/mac)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.mozilla.org/firefox/linux)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.firefox)
|
||||
- [:fontawesome-brands-git: Source](https://hg.mozilla.org/mozilla-central)
|
||||
|
||||
!!! warning
|
||||
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
These options can be found in the *Privacy & Security* settings page ( ≡ → Settings → Privacy & Security).
|
||||
These options can be found in :material-menu: → **Settings** → **Privacy & Security**.
|
||||
|
||||
**Enhanced Tracking Protection (ETP):**
|
||||
##### Enhanced Tracking Protection (ETP)
|
||||
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Select: "Strict"</li>
|
||||
</ul>
|
||||
- Select **Strict**
|
||||
|
||||
**Sanitize on Close:**
|
||||
##### Sanitize on Close
|
||||
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Select: "Delete cookies and site data when Firefox is closed"</li>
|
||||
</ul>
|
||||
You can still stay logged into websites by allowing exceptions.
|
||||
If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data** → **Manage Exceptions...**
|
||||
|
||||
**Disable Search Suggestions:**
|
||||
- Select **Delete cookies and site data when Firefox is closed**
|
||||
|
||||
*These features may not be available depending on your region.*
|
||||
##### Disable Search Suggestions
|
||||
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Toggle off: "Suggestions from the web"</li>
|
||||
<li>Toggle off: "Suggestions from sponsors"</li>
|
||||
<li>Toggle off: "Improve the Firefox Suggest experience"</li>
|
||||
</ul>
|
||||
- Clear **Suggestions from the web**
|
||||
- Clear **Suggestions from sponsors**
|
||||
- Clear **Improve the Firefox Suggest experience**
|
||||
|
||||
**Disable Telemetry:**
|
||||
Search suggestion features may not be available in your region.
|
||||
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Uncheck: "Allow Firefox to send technical and interaction data to Mozilla"</li>
|
||||
<li>Uncheck: "Allow Firefox to install and run studies"</li>
|
||||
<li>Uncheck: "Allow Firefox to send backlogged crash reports on your behalf"</li>
|
||||
</ul>
|
||||
##### Disable Telemetry
|
||||
|
||||
**HTTPS-Only Mode:**
|
||||
- Clear **Allow Firefox to send technical and interaction data to Mozilla**
|
||||
- Clear **Allow Firefox to install and run studies**
|
||||
- Clear **Allow Firefox to send backlogged crash reports on your behalf**
|
||||
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Select: "Enable HTTPS-Only Mode in all windows".</li>
|
||||
</ul>
|
||||
##### HTTPS-Only Mode
|
||||
|
||||
- Select **Enable HTTPS-Only Mode in all windows**
|
||||
|
||||
#### Sync
|
||||
|
||||
@ -99,7 +90,7 @@ The [Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) serv
|
||||
|
||||
#### Extensions
|
||||
|
||||
We generally do not recommend installing any extensions as they increase your [attack surface](https://en.wikipedia.org/wiki/Attack_surface); however, if you want content blocking, [uBlock Origin](#additional-resources) might be useful to you. The extension is also a 🏆️ [Recommended Extension](https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions) by Mozilla.
|
||||
We generally do not recommend installing any extensions as they increase your attack surface; however, if you want content blocking, [uBlock Origin](#additional-resources) might be useful to you. The extension is also a :trophy: [Recommended Extension](https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions) by Mozilla.
|
||||
|
||||
#### Arkenfox (advanced)
|
||||
|
||||
@ -117,29 +108,28 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Bromite** is a [Chromium](https://en.wikipedia.org/wiki/Chromium_(web_browser))-based browser with privacy and security enhancements, built-in ad blocking, and some fingerprinting randomization.
|
||||
**Bromite** is a Chromium-based browser with privacy and security enhancements, built-in ad blocking, and some fingerprinting randomization.
|
||||
|
||||
[Visit bromite.org](https://www.bromite.org){ .md-button .md-button--primary } [Privacy Policy](https://www.bromite.org/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-android: Android](https://www.bromite.org/fdroid)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/bromite/bromite)
|
||||
??? downloads
|
||||
|
||||
These options can be found in *Privacy and Security* ( ⁝ → ⚙️ Settings → Privacy and Security).
|
||||
- [:fontawesome-brands-android: Android](https://www.bromite.org/fdroid)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/bromite/bromite)
|
||||
|
||||
**HTTPS-Only Mode:**
|
||||
These options can be found in :material-menu: → :gear: **Settings** → **Privacy and Security**.
|
||||
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Select: Always use secure connections.</li>
|
||||
</ul>
|
||||
#### Recommended Configuration
|
||||
|
||||
**Always-on Incognito Mode:**
|
||||
##### HTTPS-Only Mode
|
||||
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Select: "Open links in incognito tabs always"</li>
|
||||
<li>Select: "Close all open tabs on exit"</li>
|
||||
<li>Select: "Open external links in incognito"</li>
|
||||
</ul>
|
||||
- Select **Always use secure connections**
|
||||
|
||||
##### Always-on Incognito Mode
|
||||
|
||||
- Select **Open links in incognito tabs always**
|
||||
- Select **Close all open tabs on exit**
|
||||
- Select **Open external links in incognito**
|
||||
|
||||
### Safari
|
||||
|
||||
@ -153,51 +143,47 @@ These options can be found in *Privacy and Security* ( ⁝ → ⚙️ Settings
|
||||
|
||||
#### Recommended Configuration
|
||||
|
||||
These options can be found in *Privacy and Security* (⚙️ Settings → Safari → Privacy and Security).
|
||||
These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**.
|
||||
|
||||
**Cross-Site Tracking Prevention:**
|
||||
##### Cross-Site Tracking Prevention
|
||||
|
||||
Toggling this setting enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp).
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Toggle On: "Prevent Cross-Site Tracking".</li>
|
||||
</ul>
|
||||
Enable WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp).
|
||||
|
||||
**Privacy Report:**
|
||||
- Select **Prevent Cross-Site Tracking** to enable
|
||||
|
||||
##### Privacy Report
|
||||
|
||||
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
|
||||
|
||||
Privacy Report is accessible through the "**Aa**" icon in the URL bar.
|
||||
|
||||
**Privacy Preserving Ad Measurement:**
|
||||
##### Privacy Preserving Ad Measurement
|
||||
|
||||
This is WebKit's own [implementation](https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/) of privacy preserving ad click attribution. If you do not wish to participate, you can disable this feature.
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Toggle Off: "Privacy Preserving Ad Measurement".</li>
|
||||
</ul>
|
||||
|
||||
**Apple Pay:**
|
||||
- Select **Privacy Preserving Ad Measurement**
|
||||
|
||||
##### Apple Pay
|
||||
|
||||
If you do not use Apple Pay, you can toggle off the ability for websites to check for it.
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Toggle Off: "Check for Apple Pay".</li>
|
||||
</ul>
|
||||
|
||||
**Always-on Private Browsing:**
|
||||
- Select **Check for Apple Pay**
|
||||
|
||||
##### Always-on Private Browsing
|
||||
|
||||
Open Safari and press the tabs icon in the bottom right corner. Open Tab Groups, located in the bottom middle.
|
||||
<ul style="list-style-type:none;padding-left:0;">
|
||||
<li>Select: "Private".</li>
|
||||
</ul>
|
||||
|
||||
#### iCloud Sync
|
||||
- Select **Private**
|
||||
|
||||
##### iCloud Sync
|
||||
|
||||
While synchronization of Safari History, Tab Groups, and iCloud Tabs uses E2EE, bookmarks sync does [not](https://support.apple.com/en-us/HT202303); they are only encrypted in transit and stored in an encrypted format on Apple's servers. Apple may be able to decrypt and access them.
|
||||
|
||||
If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in *General* (⚙️ Settings → Safari → General → Downloads).
|
||||
If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
|
||||
|
||||
#### Extensions
|
||||
|
||||
We generally do not recommend installing [any extensions](https://www.sentinelone.com/blog/inside-safari-extensions-malware-golden-key-user-data/) as they increase your browser's [attack surface](https://en.wikipedia.org/wiki/Attack_surface); however, if you want content blocking, [AdGuard for Safari](#additional-resources) might be useful to you.
|
||||
We generally do not recommend installing [any extensions](https://www.sentinelone.com/blog/inside-safari-extensions-malware-golden-key-user-data/) as they increase your browser's attack surface; however, if you want content blocking, [AdGuard for Safari](#additional-resources) might be useful to you.
|
||||
|
||||
## Additional Resources
|
||||
|
||||
@ -213,16 +199,17 @@ We generally do not recommend installing [any extensions](https://www.sentinelon
|
||||
|
||||
[Visit github.com](https://github.com/gorhill/uBlock){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
|
||||
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
|
||||
- [:fontawesome-brands-opera: Opera](https://addons.opera.com/extensions/details/ublock)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/gorhill/uBlock)
|
||||
??? downloads
|
||||
|
||||
We also suggest adding the [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt) list and any of the regional lists that might apply to your browsing habits. To add this list, first access settings by clicking on the uBO icon, then the settings icon (⚙️). Go to the bottom of the Filter lists pane and place a checkmark next to Import under the Custom section. Paste the URL of the filter list above into the text area that appears below and click "Apply changes".
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
|
||||
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
|
||||
- [:fontawesome-brands-opera: Opera](https://addons.opera.com/extensions/details/ublock)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/gorhill/uBlock)
|
||||
|
||||
Additional filter lists do slow things down and may increase your [attack surface](https://en.wikipedia.org/wiki/Attack_surface), so only apply what you need.
|
||||
We also suggest adding the [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt) list and any of the regional lists that might apply to your browsing habits. To add this list, first access settings by clicking on the uBO icon, then the settings icon ( :gear: ). Go to the bottom of the Filter lists pane and place a checkmark next to Import under the Custom section. Paste the URL of the filter list above into the text area that appears below and click "Apply changes".
|
||||
|
||||
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
|
||||
|
||||
uBlock Origin also has different [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The easy mode [might not](https://www.ranum.com/security/computer_security/editorials/dumb/) necessarily keep you safe from every tracker out there, whereas the more advanced modes let you control exactly what needs to run.
|
||||
|
||||
@ -233,26 +220,23 @@ uBlock Origin also has different [blocking modes](https://github.com/gorhill/uBl
|
||||
{ align=right }
|
||||
|
||||
**AdGuard for Safari** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
|
||||
|
||||
|
||||
We suggest enabling the filters labled *#recommended* under the "Ad Blocking" and "Privacy" [content blockers](https://kb.adguard.com/en/safari/overview#content-blockers). The *#recommended* filters can also be enabled for the "Social Widgets" and "Annoyances" content blockers, but they may break some social media functions.
|
||||
|
||||
[Visit adguard.com](https://adguard.com/en/adguard-safari/overview.html){ .md-button .md-button--primary } [Privacy Policy](https://adguard.com/en/privacy/safari.html){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-safari: Safari](https://apps.apple.com/app/adguard-for-safari/id1440147259)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
|
||||
- [:fontawesome-brands-git: Source](https://github.com/AdguardTeam/AdGuardForSafari)
|
||||
??? downloads
|
||||
|
||||
Additional filter lists do slow things down and may increase your [attack surface](https://en.wikipedia.org/wiki/Attack_surface), so only apply what you need.
|
||||
- [:fontawesome-brands-safari: Safari](https://apps.apple.com/app/adguard-for-safari/id1440147259)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
|
||||
- [:fontawesome-brands-git: Source](https://github.com/AdguardTeam/AdGuardForSafari)
|
||||
|
||||
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
|
||||
|
||||
There is also [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) which is able to perform system-wide content blocking by means of DNS filtering.
|
||||
|
||||
### Terms of Service; Didn't Read
|
||||
|
||||
!!! note
|
||||
|
||||
We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website.
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
@ -261,4 +245,6 @@ There is also [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html
|
||||
|
||||
[Visit tosdr.org](https://tosdr.org){ .md-button .md-button--primary } [Privacy Policy](https://addons.mozilla.org/firefox/addon/terms-of-service-didnt-read/privacy){ .md-button }
|
||||
|
||||
We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -19,15 +19,16 @@ These products are included with an subscription with their respective [email pr
|
||||
|
||||
[Visit tutanota.com](https://tutanota.com/calendar){ .md-button .md-button--primary } [Privacy Policy](https://tutanota.com/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://tutanota.com/blog/posts/desktop-clients/)
|
||||
- [:fontawesome-brands-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/)
|
||||
- [:fontawesome-brands-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.tutanota.Tutanota)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.tutao.tutanota)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/tutanota/id922429609)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/tutao/tutanota)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://tutanota.com/blog/posts/desktop-clients/)
|
||||
- [:fontawesome-brands-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/)
|
||||
- [:fontawesome-brands-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.tutanota.Tutanota)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.tutao.tutanota)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/tutanota/id922429609)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/tutao/tutanota)
|
||||
|
||||
### Proton Calendar
|
||||
|
||||
@ -39,9 +40,10 @@ These products are included with an subscription with their respective [email pr
|
||||
|
||||
[Visit calendar.protonmail.com](https://calendar.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
|
||||
|
||||
## Self-hostable
|
||||
|
||||
@ -59,12 +61,13 @@ Some of these options are self-hostable, but could be offered by third party Saa
|
||||
|
||||
[Visit etesync.com](https://www.etesync.com){ .md-button .md-button--primary } [Privacy Policy](https://www.etesync.com/tos/#privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-solid-earth-americas: Client Instructions](https://github.com/etesync/etesync-dav/blob/master/README.md#specific-client-notes-and-instructions)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.etesync.syncadapter)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/app/com.etesync.syncadapter)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/apple-store/id1489574285)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/etesync)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-solid-earth-americas: Client Instructions](https://github.com/etesync/etesync-dav/blob/master/README.md#specific-client-notes-and-instructions)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.etesync.syncadapter)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/app/com.etesync.syncadapter)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/apple-store/id1489574285)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/etesync)
|
||||
|
||||
### Nextcloud
|
||||
|
||||
@ -78,15 +81,16 @@ Some of these options are self-hostable, but could be offered by third party Saa
|
||||
|
||||
[Visit nextcloud.com](https://nextcloud.com/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-apple: macOS](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-linux: Linux](https://nextcloud.com/install/#install-clients)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.nextcloud.desktopclient.nextcloud)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nextcloud.client)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/nextcloud/id1125420102)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/nextcloud)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-apple: macOS](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-linux: Linux](https://nextcloud.com/install/#install-clients)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.nextcloud.desktopclient.nextcloud)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nextcloud.client)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/nextcloud/id1125420102)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/nextcloud)
|
||||
|
||||
### DecSync CC
|
||||
|
||||
@ -100,9 +104,10 @@ Some of these options are self-hostable, but could be offered by third party Saa
|
||||
|
||||
[Visit github.com](https://github.com/39aldo39/DecSync){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.decsync.cc)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.decsync.cc)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/39aldo39/DecSync)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.decsync.cc)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.decsync.cc)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/39aldo39/DecSync)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -16,17 +16,18 @@ Trust your provider by using an alternative below that supports E2EE.
|
||||
|
||||
[Visit nextcloud.com](https://nextcloud.com){ .md-button .md-button--primary } [Privacy Policy](https://nextcloud.com/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-apple: macOS](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-linux: Linux](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud)
|
||||
- [:pg-openbsd: OpenBSD](https://openports.se/www/nextcloud)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/www/php-nextcloud)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nextcloud.client)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1125420102)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/nextcloud)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-apple: macOS](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-linux: Linux](https://nextcloud.com/install/#install-clients)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud)
|
||||
- [:pg-openbsd: OpenBSD](https://openports.se/www/nextcloud)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/www/php-nextcloud)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nextcloud.client)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1125420102)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/nextcloud)
|
||||
|
||||
We recommend checking if your Nextcloud provider supports E2EE, otherwise you have to trust the provider to not look at your files.
|
||||
|
||||
@ -42,8 +43,9 @@ When self hosting Nextcloud, you should also remember to enable E2EE to protect
|
||||
|
||||
[Visit drive.protonmail.com](https://drive.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
|
||||
|
||||
Proton Drive is currently in beta and only is only available through a web client.
|
||||
|
||||
@ -60,8 +62,9 @@ When using a web client, you are placing trust in the server to send you proper
|
||||
|
||||
[Visit crypt.ee](https://crypt.ee){ .md-button .md-button--primary } [Privacy Policy](https://crypt.ee/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/cryptee/web-client)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/cryptee/web-client)
|
||||
|
||||
### Tahoe-LAFS
|
||||
|
||||
@ -69,6 +72,7 @@ When using a web client, you are placing trust in the server to send you proper
|
||||
|
||||
Due to the complexity of the system and the amount of nodes needed to set it up, Tahoe-LAFS is only recommended for seasoned system administrators.
|
||||
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
@ -78,11 +82,12 @@ When using a web client, you are placing trust in the server to send you proper
|
||||
|
||||
[Visit tahoe-lafs.org](https://www.tahoe-lafs.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/tahoe-lafs/tahoe-lafs#via-pip)
|
||||
- [:fontawesome-brands-apple: macOS](https://github.com/tahoe-lafs/tahoe-lafs#via-pip)
|
||||
- [:fontawesome-brands-linux: Linux](https://github.com/tahoe-lafs/tahoe-lafs#using-os-packages)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/filesystems/tahoe-lafs)
|
||||
- [:fontawesome-brands-git: Source](https://www.tahoe-lafs.org/trac/tahoe-lafs/browser)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/tahoe-lafs/tahoe-lafs#via-pip)
|
||||
- [:fontawesome-brands-apple: macOS](https://github.com/tahoe-lafs/tahoe-lafs#via-pip)
|
||||
- [:fontawesome-brands-linux: Linux](https://github.com/tahoe-lafs/tahoe-lafs#using-os-packages)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/filesystems/tahoe-lafs)
|
||||
- [:fontawesome-brands-git: Source](https://www.tahoe-lafs.org/trac/tahoe-lafs/browser)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -87,10 +87,11 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
|
||||
|
||||
[Visit rethinkdns.com](https://rethinkdns.com){ .md-button .md-button--primary } [Privacy Policy](https://rethinkdns.com/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.celzero.bravedns)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/celzero/rethink-app)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.celzero.bravedns)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/celzero/rethink-app)
|
||||
|
||||
### DNSCloak
|
||||
|
||||
@ -102,9 +103,10 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
|
||||
|
||||
[Visit github.com](https://github.com/s-s/dnscloak/blob/master/README.md){ .md-button .md-button--primary } [Privacy Policy](https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1452162351)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/s-s/dnscloak)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1452162351)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/s-s/dnscloak)
|
||||
|
||||
### dnscrypt-proxy
|
||||
|
||||
@ -114,11 +116,12 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
|
||||
|
||||
**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](technology/dns.md#dnscrypt), [DNS-over-HTTPS](technology/dns.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
|
||||
|
||||
!!! warning "The anonymized DNS feature does [**not**](technology/dns.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic."
|
||||
|
||||
[Visit github.com](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .md-button .md-button--primary } [Privacy Policy](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/DNSCrypt/dnscrypt-proxy)
|
||||
??? downloads
|
||||
|
||||
!!! warning "The anonymized DNS feature does [**not**](technology/dns.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic."
|
||||
- [:fontawesome-brands-github: Source](https://github.com/DNSCrypt/dnscrypt-proxy)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -5,11 +5,11 @@ icon: material/email-open
|
||||
Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](multi-factor-authentication) and prevent account theft.
|
||||
|
||||
??? Attention "Email does not provide forward secrecy"
|
||||
When using end-to-end encryption (E2EE) technology like [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy), email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email.
|
||||
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email.
|
||||
|
||||
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](email.md#email-encryption-overview). Consider using a medium that provides forward secrecy:
|
||||
|
||||
[Real-time Communication](real-time-communication.md){ .md-button .md-button--primary }
|
||||
[Real-time Communication](real-time-communication.md){ .md-button }
|
||||
|
||||
### Thunderbird
|
||||
|
||||
@ -21,24 +21,26 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
|
||||
|
||||
[Visit thunderbird.net](https://www.thunderbird.net){ .md-button .md-button--primary } [Privacy Policy](https://www.mozilla.org/privacy/thunderbird){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.thunderbird.net)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.thunderbird.net)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.thunderbird.net)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.Thunderbird)
|
||||
- [:fontawesome-brands-git: Source](https://hg.mozilla.org/comm-central)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.thunderbird.net)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.thunderbird.net)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.thunderbird.net)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.Thunderbird)
|
||||
- [:fontawesome-brands-git: Source](https://hg.mozilla.org/comm-central)
|
||||
|
||||
### Apple Mail
|
||||
|
||||
!!! note
|
||||
|
||||
For iOS devices we suggest [Canary Mail](#canary-mail) as it has PGP support which means you can send end-to-end encrypted email.
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](encryption/#gpg-suite), which adds the ability to send encrypted email.
|
||||
|
||||
!!! note
|
||||
For iOS devices we suggest [Canary Mail](#canary-mail) as it has PGP support which means you can send end-to-end encrypted email.
|
||||
|
||||
[Visit apple.com](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/en-ww/){ .md-button }
|
||||
|
||||
### GNOME Evolution
|
||||
@ -51,9 +53,10 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
|
||||
|
||||
[Visit gnome.org](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary } [Privacy Policy](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gnome.Evolution)
|
||||
- [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/GNOME/evolution)
|
||||
??? downloads
|
||||
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gnome.Evolution)
|
||||
- [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/GNOME/evolution)
|
||||
|
||||
### Kontact
|
||||
|
||||
@ -65,10 +68,11 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
|
||||
|
||||
[Visit kontact.kde.org](https://kontact.kde.org){ .md-button .md-button--primary } [Privacy Policy](https://kde.org/privacypolicy-apps){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-linux: Linux](https://kontact.kde.org/download)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.kontact)
|
||||
- [:fontawesome-brands-git: Source](https://invent.kde.org/pim/kmail)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-linux: Linux](https://kontact.kde.org/download)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.kontact)
|
||||
- [:fontawesome-brands-git: Source](https://invent.kde.org/pim/kmail)
|
||||
|
||||
### Mailvelope
|
||||
|
||||
@ -80,11 +84,12 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
|
||||
|
||||
[Visit mailvelope.com](https://www.mailvelope.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mailvelope.com/en/privacy-policy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/mailvelope)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke)
|
||||
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/mailvelope/mailvelope)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/mailvelope)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke)
|
||||
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/mailvelope/mailvelope)
|
||||
|
||||
### K-9 Mail
|
||||
|
||||
@ -96,10 +101,11 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
|
||||
|
||||
[Visit k9mail.app](https://k9mail.app){ .md-button .md-button--primary } [Privacy Policy](https://k9mail.app/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.fsck.k9)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/k9mail)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.fsck.k9)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/k9mail)
|
||||
|
||||
### FairEmail
|
||||
|
||||
@ -111,10 +117,11 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
|
||||
|
||||
[Visit email.faircode.eu](https://email.faircode.eu){ .md-button .md-button--primary } [Privacy Policy](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=eu.faircode.email)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/eu.faircode.email/)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/M66B/FairEmail)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=eu.faircode.email)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/eu.faircode.email/)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/M66B/FairEmail)
|
||||
|
||||
### Canary Mail
|
||||
|
||||
@ -126,17 +133,18 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
|
||||
|
||||
[Visit canarymail.io](https://canarymail.io){ .md-button .md-button--primary } [Privacy Policy](https://canarymail.io/privacy.html){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://download.canarymail.io/get_windows)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/id1236045954)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1236045954)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://download.canarymail.io/get_windows)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/id1236045954)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1236045954)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android)
|
||||
|
||||
!!! attention
|
||||
|
||||
Canary Mail only recently released a Windows and Android client, we don't believe they are as stable as their iOS and Mac counterparts.
|
||||
|
||||
Canary Mail is closed source. We recommend it, due to the few choices there are for email clients on iOS that support [Pretty Good Privacy (PGP)](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) E2EE.
|
||||
Canary Mail is closed source. We recommend it, due to the few choices there are for email clients on iOS that support PGP E2EE.
|
||||
|
||||
### NeoMutt
|
||||
|
||||
@ -150,9 +158,10 @@ Canary Mail is closed source. We recommend it, due to the few choices there are
|
||||
|
||||
[Visit neomutt.org](https://neomutt.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-linux: Linux](https://neomutt.org/distro)
|
||||
- [:fontawesome-brands-apple: macOS](https://neomutt.org/distro)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/neomutt/neomutt)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-linux: Linux](https://neomutt.org/distro)
|
||||
- [:fontawesome-brands-apple: macOS](https://neomutt.org/distro)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/neomutt/neomutt)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -326,7 +326,7 @@ We regard these features as important in order to provide a safe and optimal ser
|
||||
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
|
||||
- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion).
|
||||
- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support.
|
||||
- [Catch all](https://en.wikipedia.org/wiki/Email_filtering) or [aliases](https://en.wikipedia.org/wiki/Email_alias) for users who own their own domains.
|
||||
- Catch-all or alias functionality for users who own their own domains.
|
||||
- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider.
|
||||
|
||||
### Privacy
|
||||
@ -421,7 +421,7 @@ E2EE is a way of encrypting email contents so that nobody but the recipient(s) c
|
||||
|
||||
### How can I encrypt my email?
|
||||
|
||||
The standard way to do email E2EE and have it work between different email providers is with [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP). There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org).
|
||||
The standard way to do email E2EE and have it work between different email providers is with OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org).
|
||||
|
||||
There is another standard that was popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480).
|
||||
|
||||
|
||||
@ -19,11 +19,12 @@ The options listed here are multi-platform and great for creating encrypted back
|
||||
|
||||
[Visit veracrypt.fr](https://veracrypt.fr){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.veracrypt.fr/en/Downloads.html)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
|
||||
- [:fontawesome-brands-git: Source](https://www.veracrypt.fr/code)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.veracrypt.fr/en/Downloads.html)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
|
||||
- [:fontawesome-brands-git: Source](https://www.veracrypt.fr/code)
|
||||
|
||||
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
|
||||
|
||||
@ -41,15 +42,16 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
|
||||
|
||||
[Visit cryptomator.org](https://cryptomator.org){ .md-button .md-button--primary } [Privacy Policy](https://cryptomator.org/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
|
||||
- [:fontawesome-brands-apple: macOS](https://cryptomator.org/downloads)
|
||||
- [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
|
||||
- [:fontawesome-brands-android: F-Droid repo](https://cryptomator.org/android)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/cryptomator)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
|
||||
- [:fontawesome-brands-apple: macOS](https://cryptomator.org/downloads)
|
||||
- [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
|
||||
- [:fontawesome-brands-android: F-Droid repo](https://cryptomator.org/android)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/cryptomator)
|
||||
|
||||
Some of the Cryptomator Crypto Libraries have been [audited](https://cryptomator.org/open-source/) by [Cure53](https://cryptomator.org/audits/2017-11-27%20crypto%20cure53.pdf). The scope of those libraries included [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). It did not include [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift) which is now used on iOS.
|
||||
|
||||
@ -63,11 +65,12 @@ Some of the Cryptomator Crypto Libraries have been [audited](https://cryptomator
|
||||
|
||||
[Visit github.com](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
- [:fontawesome-brands-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
- [:fontawesome-brands-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/HACKERALERT/Picocrypt)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
- [:fontawesome-brands-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
- [:fontawesome-brands-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/HACKERALERT/Picocrypt)
|
||||
|
||||
## OS Full Disk Encryption
|
||||
|
||||
@ -87,7 +90,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
|
||||
|
||||
??? example "Enabling BitLocker on Windows Home"
|
||||
|
||||
To enable BitLocker on "Home" editions of Windows, you must partitions formatted with formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated [TPM](https://en.wikipedia.org/wiki/Trusted_Platform_Module) (v1.2, 2.0+) module.
|
||||
To enable BitLocker on "Home" editions of Windows, you must partitions formatted with formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module.
|
||||
|
||||
1. Open Windows [PowerShell](https://en.wikipedia.org/wiki/PowerShell). Start "PowerShell"
|
||||
|
||||
@ -101,7 +104,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
|
||||
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm | findstr "IsActivated IsEnabled IsOwned SpecVersion"
|
||||
```
|
||||
|
||||
4. Access Windows 10 "Advanced Startup Options". (Press "reboot" while holding shift button). *Troubleshoot > Advanced Options > Command Prompt*
|
||||
4. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
|
||||
|
||||
5. Login with your account that has admin privileges and type this to start encryption:
|
||||
```
|
||||
@ -154,7 +157,7 @@ We recommend storing a local recovery key in a secure place as opposed to utiliz
|
||||
udisksctl unlock -b /dev/loop0
|
||||
```
|
||||
|
||||
!!! Warning "Remember to back up volume headers"
|
||||
!!! note "Remember to back up volume headers"
|
||||
|
||||
We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
|
||||
|
||||
@ -177,8 +180,9 @@ Browser-based encryption can be useful when you need to encrypt a file but canno
|
||||
|
||||
[Visit hat.sh](https://hat.sh){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/sh-dv/hat.sh)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/sh-dv/hat.sh)
|
||||
|
||||
## Command-line
|
||||
|
||||
@ -194,11 +198,12 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h
|
||||
|
||||
[Visit kryptor.co.uk](https://www.kryptor.co.uk){ .md-button .md-button--primary } [Privacy Policy](https://www.kryptor.co.uk/features#privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.kryptor.co.uk)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.kryptor.co.uk)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.kryptor.co.uk)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/samuel-lucas6/Kryptor)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.kryptor.co.uk)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.kryptor.co.uk)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.kryptor.co.uk)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/samuel-lucas6/Kryptor)
|
||||
|
||||
### Tomb
|
||||
|
||||
@ -210,16 +215,17 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h
|
||||
|
||||
[Visit dyne.org](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/dyne/Tomb)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/dyne/Tomb)
|
||||
|
||||
## OpenPGP
|
||||
|
||||
[OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP) is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options.
|
||||
OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options.
|
||||
|
||||
When encrypting with PGP, the user has the option to configure different options in their `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
|
||||
|
||||
??? tip "Use future defaults when generating a key"
|
||||
!!! tip "Use future defaults when generating a key"
|
||||
|
||||
When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
|
||||
|
||||
@ -237,12 +243,13 @@ When encrypting with PGP, the user has the option to configure different options
|
||||
|
||||
[Visit gnupg.org](https://gnupg.org){ .md-button .md-button--primary } [Privacy Policy](https://gnupg.org/privacy-policy.html){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
|
||||
- [:fontawesome-brands-apple: macOS](https://gpgtools.org)
|
||||
- [:fontawesome-brands-linux: Linux](https://gnupg.org/download/index.html#binary)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
|
||||
- [:fontawesome-brands-git: Source](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
|
||||
- [:fontawesome-brands-apple: macOS](https://gpgtools.org)
|
||||
- [:fontawesome-brands-linux: Linux](https://gnupg.org/download/index.html#binary)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
|
||||
- [:fontawesome-brands-git: Source](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git)
|
||||
|
||||
### GPG4win
|
||||
|
||||
@ -254,12 +261,17 @@ When encrypting with PGP, the user has the option to configure different options
|
||||
|
||||
[Visit gpg4win.org](https://gpg4win.org){ .md-button .md-button--primary } [Privacy Policy](https://gpg4win.org/privacy-policy.html){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
|
||||
- [:fontawesome-brands-git: Source](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
|
||||
- [:fontawesome-brands-git: Source](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary)
|
||||
|
||||
### GPG Suite
|
||||
|
||||
!!! note
|
||||
|
||||
We suggest [Canary Mail](email-clients/#canary-mail) for using PGP with email on iOS devices.
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
@ -270,13 +282,10 @@ When encrypting with PGP, the user has the option to configure different options
|
||||
|
||||
[Visit gpgtools.org](https://gpgtools.org){ .md-button .md-button--primary } [Privacy Policy](https://gpgtools.org/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-apple: macOS](https://gpgtools.org)
|
||||
- [:fontawesome-brands-git: Source](https://github.com/GPGTools)
|
||||
??? downloads
|
||||
|
||||
!!! note
|
||||
|
||||
We suggest [Canary Mail](email-clients/#canary-mail) for using PGP with email on iOS devices.
|
||||
- [:fontawesome-brands-apple: macOS](https://gpgtools.org)
|
||||
- [:fontawesome-brands-git: Source](https://github.com/GPGTools)
|
||||
|
||||
### OpenKeychain
|
||||
|
||||
@ -288,9 +297,10 @@ When encrypting with PGP, the user has the option to configure different options
|
||||
|
||||
[Visit openkeychain.org](https://www.openkeychain.org){ .md-button .md-button--primary } [Privacy Policy](https://www.openkeychain.org/help/privacy-policy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
|
||||
- [:fontawesome-brands-git: Source](https://github.com/open-keychain/open-keychain)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
|
||||
- [:fontawesome-brands-git: Source](https://github.com/open-keychain/open-keychain)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -16,11 +16,12 @@ Discover how to privately share your files between your devices, with your frien
|
||||
|
||||
[Visit onionshare.org](https://onionshare.org){ .md-button .md-button--primary } [:pg-tor:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://onionshare.org/#download)
|
||||
- [:fontawesome-brands-apple: macOS](https://onionshare.org/#download)
|
||||
- [:fontawesome-brands-linux: Linux](https://onionshare.org/#download)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/onionshare/onionshare)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://onionshare.org/#download)
|
||||
- [:fontawesome-brands-apple: macOS](https://onionshare.org/#download)
|
||||
- [:fontawesome-brands-linux: Linux](https://onionshare.org/#download)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/onionshare/onionshare)
|
||||
|
||||
### Magic Wormhole
|
||||
|
||||
@ -32,11 +33,12 @@ Discover how to privately share your files between your devices, with your frien
|
||||
|
||||
[Visit magic-wormhole.readthedocs.io](https://magic-wormhole.readthedocs.io){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
|
||||
- [:fontawesome-brands-apple: macOS](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x)
|
||||
- [:fontawesome-brands-linux: Linux](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/magic-wormhole/magic-wormhole)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
|
||||
- [:fontawesome-brands-apple: macOS](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x)
|
||||
- [:fontawesome-brands-linux: Linux](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/magic-wormhole/magic-wormhole)
|
||||
|
||||
## FreedomBox
|
||||
|
||||
@ -48,8 +50,9 @@ Discover how to privately share your files between your devices, with your frien
|
||||
|
||||
[Visit freedombox.org](https://freedombox.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-git: Source](https://salsa.debian.org/freedombox-team/freedombox)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-git: Source](https://salsa.debian.org/freedombox-team/freedombox)
|
||||
|
||||
## File Sync
|
||||
|
||||
@ -63,11 +66,12 @@ Discover how to privately share your files between your devices, with your frien
|
||||
|
||||
[Visit syncthing.net](https://syncthing.net){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://syncthing.net/downloads)
|
||||
- [:fontawesome-brands-apple: macOS](https://syncthing.net/downloads)
|
||||
- [:fontawesome-brands-linux: Linux](https://syncthing.net/downloads)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/syncthing)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://syncthing.net/downloads)
|
||||
- [:fontawesome-brands-apple: macOS](https://syncthing.net/downloads)
|
||||
- [:fontawesome-brands-linux: Linux](https://syncthing.net/downloads)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/syncthing)
|
||||
|
||||
### git-annex
|
||||
|
||||
@ -79,8 +83,9 @@ Discover how to privately share your files between your devices, with your frien
|
||||
|
||||
[Visit git-annex.branchable.com](https://git-annex.branchable.com){ .md-button .md-button--primary } [Privacy Policy](https://git-annex.branchable.com/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://git-annex.branchable.com/install/Windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://git-annex.branchable.com/install/OSX)
|
||||
- [:fontawesome-brands-linux: Linux](https://git-annex.branchable.com/install)
|
||||
- [:fontawesome-brands-git: Source](https://git-annex.branchable.com/install/fromsource/)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://git-annex.branchable.com/install/Windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://git-annex.branchable.com/install/OSX)
|
||||
- [:fontawesome-brands-linux: Linux](https://git-annex.branchable.com/install)
|
||||
- [:fontawesome-brands-git: Source](https://git-annex.branchable.com/install/fromsource/)
|
||||
|
||||
@ -20,7 +20,7 @@ If you don't already use Linux, below are some distributions we suggest trying o
|
||||
|
||||
[Visit getfedora.org](https://getfedora.org/){ .md-button .md-button--primary }
|
||||
|
||||
Fedora has a semi-[rolling release](https://en.wikipedia.org/wiki/Rolling_release) cycle. While some packages like [GNOME](https://www.gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
|
||||
Fedora has a semi-rolling release cycle. While some packages like [GNOME](https://www.gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
|
||||
|
||||
### openSUSE Tumbleweed
|
||||
|
||||
@ -28,7 +28,7 @@ Fedora has a semi-[rolling release](https://en.wikipedia.org/wiki/Rolling_releas
|
||||
|
||||
{ align=right }
|
||||
|
||||
**openSUSE Tumbleweed** is a stable [rolling release](https://en.wikipedia.org/wiki/Rolling_release) distribution.
|
||||
**openSUSE Tumbleweed** is a stable rolling release distribution.
|
||||
|
||||
openSUSE Tumbleweed has a [transactional update](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) system that uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem.
|
||||
|
||||
@ -48,7 +48,7 @@ Tumbleweed follows a rolling release model where each update is released as a sn
|
||||
|
||||
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
|
||||
|
||||
Being a DIY distribution, the user is [expected to setup and maintain](#arch-based-distributions) their system. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
Being a DIY distribution, the user is [expected to set up and maintain](#arch-based-distributions) their system. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
|
||||
A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
|
||||
|
||||
@ -130,15 +130,15 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
|
||||
|
||||
### Drive Encryption
|
||||
|
||||
Most Linux distributions have an installer option for enabling [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) FDE upon installation.
|
||||
Most Linux distributions have an installer option for enabling LUKS FDE upon installation.
|
||||
|
||||
If this option isn’t set at installation time, the user will have to backup their data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning) but before [file systems](https://en.wikipedia.org/wiki/File_system) are [formatted](https://en.wikipedia.org/wiki/Disk_formatting).
|
||||
If this option isn’t set at installation time, the user will have to backup their data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted.
|
||||
|
||||
When securely erasing storage devices such as a [Solid-state drive (SSD)](https://en.wikipedia.org/wiki/Solid-state_drive) you should use the [ATA Secure Erase](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command. This command can be issued from your UEFI setup. If the storage device is a regular [hard drive](https://en.wikipedia.org/wiki/Hard_disk_drive), consider using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe).
|
||||
When securely erasing storage devices such as a Solid-state drive (SSD) you should use the [ATA Secure Erase](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command. This command can be issued from your UEFI setup. If the storage device is a regular hard drive (HDD), consider using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe).
|
||||
|
||||
### Swap
|
||||
|
||||
Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM](https://fedoraproject.org/wiki/Changes/SwapOnZRAM) by default.
|
||||
Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM).
|
||||
|
||||
### Wayland
|
||||
|
||||
@ -170,11 +170,11 @@ There isn’t much point in randomizing the MAC address for Ethernet connections
|
||||
|
||||
### Other Identifiers
|
||||
|
||||
There are other system [identifiers](https://madaidans-insecurities.github.io/guides/linux-hardening.html#identifiers) which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](threat-modeling.md):
|
||||
There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](threat-modeling.md):
|
||||
|
||||
- [10.1 Hostnames and usernames](https://madaidans-insecurities.github.io/guides/linux-hardening.html#hostnames)
|
||||
- [10.2 Time zones / Locales / Keymaps](https://madaidans-insecurities.github.io/guides/linux-hardening.html#timezones-locales-keymaps)
|
||||
- [10.3 Machine ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id)
|
||||
- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
|
||||
- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
|
||||
- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
|
||||
|
||||
### System Counting
|
||||
|
||||
@ -183,3 +183,5 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co
|
||||
This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
|
||||
|
||||
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -18,15 +18,15 @@ All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter)
|
||||
|
||||
If you are using Flatpak packages, you can revoke their network socket access using Flatseal and prevent those applications from accessing your network. This permission is not bypassable.
|
||||
|
||||
If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [CGroupsv1](https://en.wikipedia.org/wiki/Cgroups) present), you can use the Snap Store to revoke network permission as well. This is also not bypassable.
|
||||
If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [cgroups](https://en.wikipedia.org/wiki/Cgroups) v1 present), you can use the Snap Store to revoke network permission as well. This is also not bypassable.
|
||||
|
||||
## Kernel hardening
|
||||
|
||||
There are some additional kernel hardening options such as configuring [sysctl](https://en.wikipedia.org/wiki/Sysctl#Linux) keys and [kernel command-line parameters](https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html) which are described in the following pages. We don’t recommend you change these options unless you learn about what they do.
|
||||
|
||||
- [2.2 Sysctl](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl)
|
||||
- [2.3 Boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters)
|
||||
- [2.5 Kernel attack surface reduction](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction)
|
||||
- [Recommended sysctl settings](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl)
|
||||
- [Recommended boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters)
|
||||
- [Additional recommendations to reduce the kernel's attack surface](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction)
|
||||
|
||||
Note that setting `kernel.unprivileged_userns_clone=0` will stop Flatpak, Snap (that depend on browser-sandbox), Electron based AppImages, Podman, Docker, and LXC containers from working. Do **not** set this flag if you are using container products.
|
||||
|
||||
@ -54,7 +54,7 @@ If you use [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/tool
|
||||
|
||||
## Linux Pluggable Authentication Modules (PAM)
|
||||
|
||||
There is also further hardening to [PAM](https://en.wikipedia.org/wiki/Linux_PAM) to secure authentication to your system. [14. PAM](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) has some tips on this.
|
||||
There is also further hardening to [PAM](https://en.wikipedia.org/wiki/Linux_PAM) to secure authentication to your system. [This guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) has some tips on this.
|
||||
|
||||
On Red Hat distributions you can use [`authselect`](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_authentication_and_authorization_in_rhel/configuring-user-authentication-using-authselect_configuring-authentication-and-authorization-in-rhel) to configure this e.g.:
|
||||
|
||||
@ -72,7 +72,7 @@ Another alternative option if you’re using the [linux-hardened](#linux-hardene
|
||||
|
||||
## Secure Boot
|
||||
|
||||
[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader). Some guidance for this is provided in [21. Physical security](https://madaidans-insecurities.github.io/guides/linux-hardening.html#physical-security) and [21.4 Verified boot](https://madaidans-insecurities.github.io/guides/linux-hardening.html#verified-boot).
|
||||
[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader). Some guidance for this is provided in [this physical security guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#physical-security) and [this verified boot guide](https://madaidans-insecurities.github.io/guides/linux-hardening.html#verified-boot).
|
||||
|
||||
For further resources on Secure Boot we suggest taking a look at the following for instructional advice:
|
||||
|
||||
@ -89,8 +89,10 @@ One of the problems with Secure Boot particularly on Linux is that only the [cha
|
||||
|
||||
- Creating an [EFI Boot Stub](https://docs.kernel.org/admin-guide/efi-stub.html) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option.
|
||||
- [Encrypting the boot partition](https://wiki.archlinux.org/title/GRUB#Encrypted_/boot). However, this has its own issues, the first being that [GRUB](https://en.wikipedia.org/wiki/GNU_GRUB) only supports [LUKS1](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) and not the newer default LUKS2 scheme. As the bootloader runs in [protected mode](https://en.wikipedia.org/wiki/Protected_mode) and the encryption module lacks [SSE acceleration](https://en.wikipedia.org/wiki/Streaming_SIMD_Extensions) the boot process will take minutes to complete.
|
||||
- Using [TPM](https://en.wikipedia.org/wiki/Trusted_Platform_Module) to perform a [measured boot](https://www.krose.org/~krose/measured_boot).
|
||||
- Using TPM to perform a [measured boot](https://www.krose.org/~krose/measured_boot).
|
||||
|
||||
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
|
||||
|
||||
These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -22,7 +22,7 @@ Our website generally uses the term “Linux” to describe desktop GNU/Linux di
|
||||
|
||||
## Release cycle
|
||||
|
||||
We highly recommend that you choose distributions which stay close to the stable upstream software releases. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||
We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates.
|
||||
|
||||
For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such [example](https://www.debian.org/security/faq#handling)) rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.
|
||||
|
||||
@ -74,3 +74,5 @@ For advanced users, we only recommend Arch Linux, not any of its derivatives. We
|
||||
## Linux-libre kernel and “Libre” distributions
|
||||
|
||||
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -24,9 +24,9 @@ Hard-coded access to some kernel interfaces like [`/sys`](https://en.wikipedia.o
|
||||
|
||||
### Firejail
|
||||
|
||||
[Firejail](https://firejail.wordpress.com/) is another method of sandboxing. As it is a large [setuid](https://en.wikipedia.org/wiki/Setuid) binary, it has a large [attack surface](https://en.wikipedia.org/wiki/Attack_surface) which may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation).
|
||||
[Firejail](https://firejail.wordpress.com/) is another method of sandboxing. As it is a large [setuid](https://en.wikipedia.org/wiki/Setuid) binary, it has a large attack surface which may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation).
|
||||
|
||||
The main risk is that Firejail may make the system safer from processes confined by it, but make it also less safe from processes running outside of Firejail. We [don’t recommend](https://madaidans-insecurities.github.io/linux.html#firejail) the use of Firejail.
|
||||
[This post from a Whonix security researcher](https://madaidans-insecurities.github.io/linux.html#firejail) provides additional details on how Firejail can worsen the security of your device.
|
||||
|
||||
### Mandatory Access Control
|
||||
|
||||
@ -55,10 +55,12 @@ For advanced users, you can make your own AppArmor profiles, SELinux policies, B
|
||||
|
||||
If you’re running a server you may have heard of Linux Containers, Docker, or Podman which refer to a kind of [OS-level virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization). Containers are more common in server and development environments where individual apps are built to operate independently.
|
||||
|
||||
[Docker](https://en.wikipedia.org/wiki/Docker_(software)) is one of the most common container solutions. It does not run a proper sandbox, and this means that there is a large kernel [attack surface](https://en.wikipedia.org/wiki/Attack_surface). The [daemon](https://en.wikipedia.org/wiki/Daemon_(computing)) controls everything and [typically](https://docs.docker.com/engine/security/rootless/#known-limitations) runs as root. If it crashes for some reason, all the containers will crash too. The [gVisor](https://en.wikipedia.org/wiki/GVisor) runtime which implements an application level kernel can help limit the number of [syscalls](https://en.wikipedia.org/wiki/System_call) an application can make and can help isolate it from the host’s [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)).
|
||||
[Docker](https://en.wikipedia.org/wiki/Docker_(software)) is one of the most common container solutions. It does not run a proper sandbox, and this means that there is a large kernel attack surface. The [daemon](https://en.wikipedia.org/wiki/Daemon_(computing)) controls everything and [typically](https://docs.docker.com/engine/security/rootless/#known-limitations) runs as root. If it crashes for some reason, all the containers will crash too. The [gVisor](https://en.wikipedia.org/wiki/GVisor) runtime which implements an application level kernel can help limit the number of [syscalls](https://en.wikipedia.org/wiki/System_call) an application can make and can help isolate it from the host’s [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)).
|
||||
|
||||
Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with SELinux to [isolate](https://www.redhat.com/sysadmin/apparmor-selinux-isolation) containers from each other. One of the notable differences between Docker and Podman is that Docker requires [root](https://en.wikipedia.org/wiki/Superuser) while Podman can run with [rootless containers](https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics) that are also [daemonless](https://developers.redhat.com/blog/2018/08/29/intro-to-podman), meaning if one crashes they don’t all come down.
|
||||
|
||||
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
|
||||
|
||||
These container technologies can be useful even for enthusiastic home users who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -18,12 +18,13 @@ When sharing files, be sure to remove associated metadata. Image files commonly
|
||||
|
||||
[Visit 0xacab.org](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
|
||||
- [:fontawesome-brands-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
|
||||
- [:fontawesome-brands-linux: Linux](https://pypi.org/project/mat2)
|
||||
- [:fontawesome-solid-earth-americas: Web](https://0xacab.org/jvoisin/mat2#web-interface)
|
||||
- [:fontawesome-brands-gitlab: Source](https://0xacab.org/jvoisin/mat2)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
|
||||
- [:fontawesome-brands-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
|
||||
- [:fontawesome-brands-linux: Linux](https://pypi.org/project/mat2)
|
||||
- [:fontawesome-solid-earth-americas: Web](https://0xacab.org/jvoisin/mat2#web-interface)
|
||||
- [:fontawesome-brands-gitlab: Source](https://0xacab.org/jvoisin/mat2)
|
||||
|
||||
### ExifCleaner
|
||||
|
||||
@ -35,11 +36,12 @@ When sharing files, be sure to remove associated metadata. Image files commonly
|
||||
|
||||
[Visit exifcleaner.com](https://exifcleaner.com){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/szTheory/exifcleaner/releases)
|
||||
- [:fontawesome-brands-apple: macOS](https://github.com/szTheory/exifcleaner/releases)
|
||||
- [:fontawesome-brands-linux: Linux](https://github.com/szTheory/exifcleaner/releases)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/szTheory/exifcleaner)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/szTheory/exifcleaner/releases)
|
||||
- [:fontawesome-brands-apple: macOS](https://github.com/szTheory/exifcleaner/releases)
|
||||
- [:fontawesome-brands-linux: Linux](https://github.com/szTheory/exifcleaner/releases)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/szTheory/exifcleaner)
|
||||
|
||||
## Mobile
|
||||
|
||||
@ -53,17 +55,14 @@ When sharing files, be sure to remove associated metadata. Image files commonly
|
||||
|
||||
[Visit gitlab.com](https://gitlab.com/juanitobananas/scrambled-exif){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.jarsilio.android.scrambledeggsif)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.jarsilio.android.scrambledeggsif)
|
||||
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/juanitobananas/scrambled-exif)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.jarsilio.android.scrambledeggsif)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.jarsilio.android.scrambledeggsif)
|
||||
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/juanitobananas/scrambled-exif)
|
||||
|
||||
### Imagepipe
|
||||
|
||||
!!! info
|
||||
|
||||
Imagepipe is only available from F-Droid and not in Google Play. If you're looking for a paint app in Google Play we suggest [Pocket Paint](https://play.google.com/store/apps/details?id=org.catrobat.paintroid).
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
@ -72,9 +71,12 @@ When sharing files, be sure to remove associated metadata. Image files commonly
|
||||
|
||||
[Visit codeberg.org](https://codeberg.org/Starfish/Imagepipe){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.kaffeemitkoffein.imagepipe/)
|
||||
- [:fontawesome-brands-git: Source](https://codeberg.org/Starfish/Imagepipe)
|
||||
??? downloads
|
||||
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.kaffeemitkoffein.imagepipe/)
|
||||
- [:fontawesome-brands-git: Source](https://codeberg.org/Starfish/Imagepipe)
|
||||
|
||||
Imagepipe is only available from F-Droid and not in Google Play. If you're looking for a paint app in Google Play we suggest [Pocket Paint](https://play.google.com/store/apps/details?id=org.catrobat.paintroid).
|
||||
|
||||
### Metapho
|
||||
|
||||
@ -90,8 +92,9 @@ When sharing files, be sure to remove associated metadata. Image files commonly
|
||||
|
||||
[Visit zininworks.com](https://zininworks.com/metapho){ .md-button .md-button--primary } [Privacy Policy](https://zininworks.com/privacy/){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/metapho/id914457352)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/metapho/id914457352)
|
||||
|
||||
## Command-line
|
||||
|
||||
@ -107,17 +110,19 @@ When sharing files, be sure to remove associated metadata. Image files commonly
|
||||
|
||||
[Visit exiftool.org](https://exiftool.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://exiftool.org)
|
||||
- [:fontawesome-brands-apple: macOS](https://exiftool.org)
|
||||
- [:fontawesome-brands-linux: Linux](https://exiftool.org)
|
||||
- [:fontawesome-brands-git: Source](https://sourceforge.net/projects/exiftool)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/exiftool/exiftool)
|
||||
??? downloads
|
||||
|
||||
To delete data from a directory of files:
|
||||
- [:fontawesome-brands-windows: Windows](https://exiftool.org)
|
||||
- [:fontawesome-brands-apple: macOS](https://exiftool.org)
|
||||
- [:fontawesome-brands-linux: Linux](https://exiftool.org)
|
||||
- [:fontawesome-brands-git: Source](https://sourceforge.net/projects/exiftool)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/exiftool/exiftool)
|
||||
|
||||
```bash
|
||||
exiftool -all= *.file_extension
|
||||
```
|
||||
|
||||
!!! example "Deleting data from a directory of files"
|
||||
|
||||
```bash
|
||||
exiftool -all= *.file_extension
|
||||
```
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -41,18 +41,18 @@ Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey.
|
||||
|
||||
For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface.
|
||||
|
||||
The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes.
|
||||
|
||||
The Nitrokey has an open source firmware, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable.
|
||||
|
||||
!!! warning
|
||||
|
||||
While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks.
|
||||
|
||||
!!! attention
|
||||
!!! warning
|
||||
|
||||
Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/factory-reset.html).
|
||||
|
||||
The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes.
|
||||
|
||||
The Nitrokey has an open source firmware, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable.
|
||||
|
||||
!!! tip
|
||||
|
||||
The Nitrokey app, while compatible with Librem Keys, requires `libnitrokey` version 3.6 or above to recognize them. Currently, the package is outdated on Windows, macOS, and most Linux distributions' repository, so you will likely have to compile the Nitrokey app yourself to get it working with the Librem Key. On Linux, you can obtain an up-to-date version from [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app).
|
||||
@ -73,10 +73,11 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
|
||||
|
||||
[Visit getaegis.app](https://getaegis.app){ .md-button .md-button--primary } [Privacy Policy](https://getaegis.app/aegis/privacy.html){ .md-button }
|
||||
|
||||
**Downloads:**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.beemdevelopment.aegis)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/beemdevelopment/Aegis)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.beemdevelopment.aegis)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/beemdevelopment/Aegis)
|
||||
|
||||
### Raivo OTP
|
||||
|
||||
@ -88,9 +89,10 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
|
||||
|
||||
[Visit github.com](https://github.com/raivo-otp/ios-application){ .md-button .md-button--primary } [Privacy Policy](https://github.com/raivo-otp/ios-application/blob/master/PRIVACY.md){ .md-button }
|
||||
|
||||
**Downloads:**
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/us/app/raivo-otp/id1498497896)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/raivo-otp/ios-application)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/us/app/raivo-otp/id1498497896)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/raivo-otp/ios-application)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -17,10 +17,11 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
[Visit hyliu.me](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } [Privacy Policy](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://hyliu.me/fluent-reader)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/id1520907427)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/yang991178/fluent-reader.git)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://hyliu.me/fluent-reader)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/id1520907427)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/yang991178/fluent-reader.git)
|
||||
|
||||
### GNOME Feeds
|
||||
|
||||
@ -32,10 +33,11 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
[Visit gfeeds.gabmus.org](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-linux: Linux](https://gfeeds.gabmus.org/#install)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gabmus.gfeeds)
|
||||
- [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/World/gfeeds)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-linux: Linux](https://gfeeds.gabmus.org/#install)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gabmus.gfeeds)
|
||||
- [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/World/gfeeds)
|
||||
|
||||
### Akregator
|
||||
|
||||
@ -47,9 +49,10 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
[Visit kde.org](https://apps.kde.org/akregator){ .md-button .md-button--primary } [Privacy Policy](https://kde.org/privacypolicy-apps){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.akregator)
|
||||
- [:fontawesome-brands-git: Source](https://invent.kde.org/pim/akregator)
|
||||
??? downloads
|
||||
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.akregator)
|
||||
- [:fontawesome-brands-git: Source](https://invent.kde.org/pim/akregator)
|
||||
|
||||
### Handy News Reader
|
||||
|
||||
@ -61,10 +64,11 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
[Visit yanus171.github.io](https://yanus171.github.io/Handy-News-Reader/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=ru.yanus171.feedexfork)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/ru.yanus171.feedexfork/)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/yanus171/Handy-News-Reader)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=ru.yanus171.feedexfork)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/ru.yanus171.feedexfork/)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/yanus171/Handy-News-Reader)
|
||||
|
||||
### NetNewsWire
|
||||
|
||||
@ -76,10 +80,11 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
[Visit netnewswire.com](https://netnewswire.com/){ .md-button .md-button--primary } [Privacy Policy](https://netnewswire.com/privacypolicy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-apple: macOS](https://netnewswire.com)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/Ranchero-Software/NetNewsWire)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-apple: macOS](https://netnewswire.com)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/Ranchero-Software/NetNewsWire)
|
||||
|
||||
### Miniflux
|
||||
|
||||
@ -92,8 +97,9 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
[Visit miniflux.app](https://miniflux.app){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/miniflux)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/miniflux)
|
||||
|
||||
### Newsboat
|
||||
|
||||
@ -105,8 +111,9 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
|
||||
|
||||
[Visit newsboat.org](https://newsboat.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/newsboat/newsboat)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/newsboat/newsboat)
|
||||
|
||||
## Social media that supports RSS
|
||||
|
||||
@ -114,27 +121,33 @@ Some social media services also support RSS although it's not often advertised.
|
||||
|
||||
### YouTube
|
||||
|
||||
You can subscribe YouTube channels without logging in and associating usage information with your Google Account. To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `channel_id` below:
|
||||
You can subscribe YouTube channels without logging in and associating usage information with your Google Account.
|
||||
!!! example
|
||||
|
||||
```text
|
||||
https://www.youtube.com/feeds/videos.xml?channel_id={{ channel id }}
|
||||
```
|
||||
To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `channel_id` below:
|
||||
```text
|
||||
https://www.youtube.com/feeds/videos.xml?channel_id={{ channel id }}
|
||||
```
|
||||
|
||||
### Reddit
|
||||
|
||||
Reddit also supports subscription via RSS, just replace `subreddit_name` with the subreddit you wish to subscribe to.
|
||||
Reddit also supports subscription via RSS.
|
||||
|
||||
```text
|
||||
https://www.reddit.com/r/{{ subreddit_name }}/new/.rss
|
||||
```
|
||||
!!! example
|
||||
Replace `subreddit_name` with the subreddit you wish to subscribe to.
|
||||
|
||||
```text
|
||||
https://www.reddit.com/r/{{ subreddit_name }}/new/.rss
|
||||
```
|
||||
|
||||
### Twitter
|
||||
|
||||
Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instances) you can easily subscribe using RSS.
|
||||
|
||||
1. Pick an instance and set `nitter_instance`.
|
||||
2. Replace `twitter_account` with the account name.
|
||||
!!! example
|
||||
1. Pick an instance and set `nitter_instance`.
|
||||
2. Replace `twitter_account` with the account name.
|
||||
|
||||
```text
|
||||
https://{{ nitter_instance }}/{{ twitter_account }}/rss
|
||||
```
|
||||
```text
|
||||
https://{{ nitter_instance }}/{{ twitter_account }}/rss
|
||||
```
|
||||
|
||||
@ -19,20 +19,19 @@ If you are currently using an application like Evernote, Google Keep, or Microso
|
||||
|
||||
[Visit joplinapp.org](https://joplinapp.org/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://joplinapp.org/#desktop-applications)
|
||||
- [:fontawesome-brands-apple: macOS](https://joplinapp.org/#desktop-applications)
|
||||
- [:fontawesome-brands-linux: Linux](https://joplinapp.org/#desktop-applications)
|
||||
- [:fontawesome-brands-firefox-browser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.cozic.joplin)
|
||||
- [:fontawesome-brands-android: Android](https://joplinapp.org/#mobile-applications)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/laurent22/joplin)
|
||||
??? downloads
|
||||
|
||||
!!! warning
|
||||
- [:fontawesome-brands-windows: Windows](https://joplinapp.org/#desktop-applications)
|
||||
- [:fontawesome-brands-apple: macOS](https://joplinapp.org/#desktop-applications)
|
||||
- [:fontawesome-brands-linux: Linux](https://joplinapp.org/#desktop-applications)
|
||||
- [:fontawesome-brands-firefox-browser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/joplin/id1315599797)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.cozic.joplin)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/laurent22/joplin)
|
||||
|
||||
Note: As of Dec 2018, Joplin does not support password/pin protection for the application itself or individual notes/notebooks. Data is still encrypted in transit and at sync location using your master key. See [open issue](https://github.com/laurent22/joplin/issues/289).
|
||||
Joplin does not support password/pin protection for the [application itself or individual notes/notebooks](https://github.com/laurent22/joplin/issues/289). Data is still encrypted in transit and at the sync location using your master key.
|
||||
|
||||
### Standard Notes
|
||||
|
||||
@ -42,21 +41,53 @@ If you are currently using an application like Evernote, Google Keep, or Microso
|
||||
|
||||
Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
|
||||
|
||||
[Visit standardnotes.org](https://standardnotes.org/){ .md-button .md-button--primary }
|
||||
[Visit standardnotes.com](https://standardnotes.com){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://standardnotes.org/#get-started)
|
||||
- [:fontawesome-brands-apple: macOS](https://standardnotes.org/#get-started)
|
||||
- [:fontawesome-brands-linux: Linux](https://standardnotes.org/#get-started)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1285392450)
|
||||
- [:octicons-browser-16: Browser](https://app.standardnotes.org/)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/standardnotes)
|
||||
??? downloads
|
||||
|
||||
## Worth Mentioning
|
||||
- [:fontawesome-brands-windows: Windows](https://standardnotes.com)
|
||||
- [:fontawesome-brands-apple: macOS](https://standardnotes.com)
|
||||
- [:fontawesome-brands-linux: Linux](https://standardnotes.com)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1285392450)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.standardnotes)
|
||||
- [:octicons-browser-16: Browser](https://app.standardnotes.com/)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/standardnotes)
|
||||
|
||||
- [EteSync](https://www.etesync.com/) - Secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes.
|
||||
- [Paperwork](https://paperwork.cloud/) - An open-source and self-hosted solution. For PHP / MySQL servers.
|
||||
- [Org-mode](https://orgmode.org) - A major mode for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system.
|
||||
### EteSync Notes
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**EteSync Notes** is a secure, end-to-end encrypted, and privacy-respecting note taking app. EteSync also offers optional software as a service for [$24 per year](https://dashboard.etebase.com/user/partner/pricing/), or you can host the server yourself for free.
|
||||
|
||||
[etebase](https://docs.etebase.com), which is the foundation of EteSync, can also be used by other apps as a backend to store data end-to-end encrypted (E2EE).
|
||||
|
||||
[Visit etesync.com](https://www.etesync.com){ .md-button .md-button--primary } [Privacy Policy](https://www.etesync.com/tos/#privacy){ .md-button }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.etesync.notes)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.etesync.notes)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/etesync-notes/id1533806351)
|
||||
- [:octicons-browser-16: Browser](https://notes.etesync.com)
|
||||
- [:fontawesome-brands-github: GitHub](https://github.com/etesync)
|
||||
|
||||
## Local notebooks
|
||||
|
||||
### Org-mode
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](/software/file-sharing/#sync) tools.
|
||||
|
||||
[Visit orgmode.org](https://orgmode.org){ .md-button .md-button--primary }
|
||||
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-git: Source](https://git.savannah.gnu.org/cgit/emacs/org-mode.git)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -14,45 +14,45 @@ Stay safe and secure online with an encrypted and open-source password manager.
|
||||
|
||||
These password managers store the password database locally.
|
||||
|
||||
### KeepassXC
|
||||
### KeePassXC
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager.
|
||||
|
||||
[Visit keepassxc.org](https://keepassxc.org){ .md-button .md-button--primary } [Privacy Policy](https://keepassxc.org/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://keepassxc.org/download/#windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://keepassxc.org/download/#mac)
|
||||
- [:fontawesome-brands-linux: Linux](https://keepassxc.org/download/#linux)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/keepassxreboot/keepassxc)
|
||||
??? downloads
|
||||
|
||||
!!! warning
|
||||
- [:fontawesome-brands-windows: Windows](https://keepassxc.org/download/#windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://keepassxc.org/download/#mac)
|
||||
- [:fontawesome-brands-linux: Linux](https://keepassxc.org/download/#linux)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/keepassxreboot/keepassxc)
|
||||
|
||||
KeepassXC stores its export data as [comma-separated values (CSV)](https://en.wikipedia.org/wiki/Comma-separated_values). This may mean data loss if you import this file into another password manager. We advise you check each record manually.
|
||||
KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually.
|
||||
|
||||
### KeepassDX
|
||||
### KeePassDX
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**KeepassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
|
||||
**KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
|
||||
|
||||
For more details, we recommend looking at their [FAQ](https://github.com/Kunzisoft/KeePassDX/wiki/FAQ).
|
||||
|
||||
[Visit keepassdx.com](https://www.keepassdx.com){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
|
||||
- [:pg-f-droid: F-Droid](https://www.f-droid.org/packages/com.kunzisoft.keepass.libre)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/Kunzisoft/KeePassDX)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
|
||||
- [:pg-f-droid: F-Droid](https://www.f-droid.org/packages/com.kunzisoft.keepass.libre)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/Kunzisoft/KeePassDX)
|
||||
|
||||
## Cloud Syncing Password Managers
|
||||
|
||||
@ -68,18 +68,19 @@ These password managers sync up to a cloud server that may be self-hostable.
|
||||
|
||||
[Visit bitwarden.com](https://bitwarden.com){ .md-button .md-button--primary } [Privacy Policy](https://bitwarden.com/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://bitwarden.com/download)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/bitwarden/id1352778147)
|
||||
- [:fontawesome-brands-linux: Linux](https://bitwarden.com/download)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.bitwarden.desktop)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
|
||||
- [:pg-f-droid: F-Droid](https://mobileapp.bitwarden.com/fdroid)
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
|
||||
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/bitwarden)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://bitwarden.com/download)
|
||||
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/bitwarden/id1352778147)
|
||||
- [:fontawesome-brands-linux: Linux](https://bitwarden.com/download)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.bitwarden.desktop)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
|
||||
- [:pg-f-droid: F-Droid](https://mobileapp.bitwarden.com/fdroid)
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
|
||||
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/bitwarden)
|
||||
|
||||
### Psono
|
||||
|
||||
@ -91,13 +92,14 @@ These password managers sync up to a cloud server that may be self-hostable.
|
||||
|
||||
[Visit psono.com](https://psono.com){ .md-button .md-button--primary } [Privacy Policy](https://psono.com/privacy-policy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224)
|
||||
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/psono/psono-client)
|
||||
- [:fontawesome-brands-github: Source](https://gitlab.com/psono)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
|
||||
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224)
|
||||
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/psono/psono-client)
|
||||
- [:fontawesome-brands-github: Source](https://gitlab.com/psono)
|
||||
|
||||
## Password Management Servers
|
||||
|
||||
@ -114,9 +116,10 @@ These products are self-hostable synchronization for cloud based password manage
|
||||
|
||||
[Visit github.com](https://github.com/dani-garcia/vaultwarden){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/vaultwarden/server)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/dani-garcia/vaultwarden)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/vaultwarden/server)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/dani-garcia/vaultwarden)
|
||||
|
||||
### Psono Server
|
||||
|
||||
@ -128,9 +131,10 @@ These products are self-hostable synchronization for cloud based password manage
|
||||
|
||||
[Visit gitlab.com](https://gitlab.com/psono/psono-server){ .md-button .md-button--primary } [Privacy Policy](https://psono.com/privacy-policy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/psono/psono-server)
|
||||
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/psono/psono-server)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/psono/psono-server)
|
||||
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/psono/psono-server)
|
||||
|
||||
## Minimal Password Managers
|
||||
|
||||
@ -146,11 +150,12 @@ These products are minimal password managers that can be used within scripting a
|
||||
|
||||
[Visit gopass.pw](https://www.gopass.pw){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.gopass.pw/#install-windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.gopass.pw/#install-macos)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.gopass.pw/#install-linux)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/gopasspw/gopass)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.gopass.pw/#install-windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.gopass.pw/#install-macos)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.gopass.pw/#install-linux)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/gopasspw/gopass)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -16,17 +16,18 @@ Get working and collaborating without sharing your documents with a middleman or
|
||||
|
||||
[Visit libreoffice.org](https://www.libreoffice.org){ .md-button .md-button--primary } [Privacy Policy](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.libreoffice.org/download/download/)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.libreoffice.org/download/download/)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.libreoffice.org/download/download/)
|
||||
- [:pg-flathub: Flatpak](https://www.libreoffice.org/download/download/)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/editors/libreoffice/)
|
||||
- [:pg-openbsd: OpenBSD](https://openports.se/editors/libreoffice)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/misc/libreoffice)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://www.libreoffice.org/download/android-and-ios/)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://www.libreoffice.org/download/android-and-ios/)
|
||||
- [:fontawesome-brands-git: Source](https://www.libreoffice.org/about-us/source-code)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.libreoffice.org/download/download/)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.libreoffice.org/download/download/)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.libreoffice.org/download/download/)
|
||||
- [:pg-flathub: Flatpak](https://www.libreoffice.org/download/download/)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/editors/libreoffice/)
|
||||
- [:pg-openbsd: OpenBSD](https://openports.se/editors/libreoffice)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/misc/libreoffice)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://www.libreoffice.org/download/android-and-ios/)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://www.libreoffice.org/download/android-and-ios/)
|
||||
- [:fontawesome-brands-git: Source](https://www.libreoffice.org/about-us/source-code)
|
||||
|
||||
### OnlyOffice
|
||||
|
||||
@ -38,14 +39,15 @@ Get working and collaborating without sharing your documents with a middleman or
|
||||
|
||||
[Visit onlyoffice.com](https://www.onlyoffice.com){ .md-button .md-button--primary } [Privacy Policy](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.onlyoffice.com/download-desktop.aspx?from=default)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx?from=default)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.libreoffice.org/download/download/)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.onlyoffice.documents)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/onlyoffice-documents/id944896972)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/ONLYOFFICE)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.onlyoffice.com/download-desktop.aspx?from=default)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx?from=default)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.libreoffice.org/download/download/)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.onlyoffice.documents)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/onlyoffice-documents/id944896972)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/ONLYOFFICE)
|
||||
|
||||
## Planning
|
||||
|
||||
@ -59,8 +61,9 @@ Get working and collaborating without sharing your documents with a middleman or
|
||||
|
||||
[Visit framadate.org](https://framadate.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-gitlab: Source](https://framagit.org/framasoft/framadate)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-gitlab: Source](https://framagit.org/framasoft/framadate)
|
||||
|
||||
## Paste services
|
||||
|
||||
@ -74,10 +77,12 @@ Get working and collaborating without sharing your documents with a middleman or
|
||||
|
||||
[Visit privatebin.info](https://privatebin.info){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/PrivateBin/PrivateBin)
|
||||
??? downloads
|
||||
|
||||
Do note that PrivateBin uses JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
|
||||
- [:fontawesome-brands-github: Source](https://github.com/PrivateBin/PrivateBin)
|
||||
|
||||
!!! warning
|
||||
PrivateBin uses JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
|
||||
|
||||
### CryptPad
|
||||
|
||||
@ -85,12 +90,16 @@ Do note that PrivateBin uses JavaScript to handle encryption, so you must trust
|
||||
|
||||
{ align=right }
|
||||
|
||||
**CryptPad** is a private-by-design alternative to popular office tools. All content is end-to-end encrypted. Do note that it uses JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
|
||||
**CryptPad** is a private-by-design alternative to popular office tools. All content is end-to-end encrypted.
|
||||
|
||||
[Visit cryptpad.fr](https://cryptpad.fr){ .md-button .md-button--primary } [Privacy Policy](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/xwiki-labs/cryptpad)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/xwiki-labs/cryptpad)
|
||||
|
||||
!!! warning
|
||||
CryptPad uses JavaScript to handle encryption, so you must trust the provider to the extent that they do not inject any malicious JavaScript to get your private key. Consider self-hosting to mitigate this threat.
|
||||
|
||||
## Blogging
|
||||
|
||||
@ -105,14 +114,15 @@ Do note that PrivateBin uses JavaScript to handle encryption, so you must trust
|
||||
|
||||
[Visit write.as](https://write.as){ .md-button .md-button--primary } [:pg-tor:](http://writeasw4b635r4o3vec6mu45s47ohfyro5vayzx2zjwod4pjswyovyd.onion){ .md-button } [Privacy Policy](https://write.as/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/writeas/writeas-cli)
|
||||
- [:fontawesome-brands-apple: macOS](https://github.com/writeas/writeas-cli)
|
||||
- [:fontawesome-brands-linux: Linux](https://github.com/writeas/writeas-cli)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://write.as/apps)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.abunchtell.writeas)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1531530896)
|
||||
- [:fontawesome-brands-git: Source](https://code.as/writeas)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/writeas/writeas-cli)
|
||||
- [:fontawesome-brands-apple: macOS](https://github.com/writeas/writeas-cli)
|
||||
- [:fontawesome-brands-linux: Linux](https://github.com/writeas/writeas-cli)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://write.as/apps)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.abunchtell.writeas)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1531530896)
|
||||
- [:fontawesome-brands-git: Source](https://code.as/writeas)
|
||||
|
||||
## Programming
|
||||
|
||||
@ -126,8 +136,9 @@ Do note that PrivateBin uses JavaScript to handle encryption, so you must trust
|
||||
|
||||
[Visit vscodium.com](https://vscodium.com){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://vscodium.com/#install)
|
||||
- [:fontawesome-brands-apple: macOS](https://vscodium.com/#install)
|
||||
- [:fontawesome-brands-linux: Linux](https://vscodium.com/#install)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/VSCodium/vscodium)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://vscodium.com/#install)
|
||||
- [:fontawesome-brands-apple: macOS](https://vscodium.com/#install)
|
||||
- [:fontawesome-brands-linux: Linux](https://vscodium.com/#install)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/VSCodium/vscodium)
|
||||
|
||||
@ -14,5 +14,6 @@ Qubes OS is a distribution of Linux that uses [Xen](https://en.wikipedia.org/wik
|
||||
|
||||
[Visit qubes-os.org](https://www.qubes-os.org/){ .md-button .md-button--primary } [:pg-tor:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .md-button } [Privacy Policy](https://www.qubes-os.org/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/QubesOS)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/QubesOS)
|
||||
|
||||
@ -16,13 +16,14 @@ icon: material/chat-processing
|
||||
|
||||
[Visit signal.org](https://signal.org/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://signal.org/download)
|
||||
- [:fontawesome-brands-apple: macOS](https://signal.org/download)
|
||||
- [:fontawesome-brands-linux: Linux](https://signal.org/download)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id874139669)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/signalapp)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://signal.org/download)
|
||||
- [:fontawesome-brands-apple: macOS](https://signal.org/download)
|
||||
- [:fontawesome-brands-linux: Linux](https://signal.org/download)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id874139669)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/signalapp)
|
||||
|
||||
Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server.
|
||||
|
||||
@ -44,14 +45,15 @@ The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf)
|
||||
|
||||
[Visit element.io](https://element.io/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://element.io/get-started)
|
||||
- [:fontawesome-brands-apple: macOS](https://element.io/get-started)
|
||||
- [:fontawesome-brands-linux: Linux](https://element.io/get-started)
|
||||
- [:fontawesome-brands-android: Android](https://f-droid.org/packages/im.vector.app/)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/vector/id1083446067)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/vector-im/element-web)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://element.io/get-started)
|
||||
- [:fontawesome-brands-apple: macOS](https://element.io/get-started)
|
||||
- [:fontawesome-brands-linux: Linux](https://element.io/get-started)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/im.vector.app/)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/vector/id1083446067)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/vector-im/element-web)
|
||||
|
||||
Profile pictures, reactions, and nicknames are not encrypted.
|
||||
|
||||
@ -71,10 +73,11 @@ The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matr
|
||||
|
||||
[Visit briarproject.org](https://briarproject.org/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-android: Android](https://f-droid.org/packages/org.briarproject.briar.android)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.briarproject.briar.android)
|
||||
- [:fontawesome-brands-git: Source](https://code.briarproject.org/briar/briar)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.briarproject.briar.android)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.briarproject.briar.android)
|
||||
- [:fontawesome-brands-git: Source](https://code.briarproject.org/briar/briar)
|
||||
|
||||
To add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby.
|
||||
|
||||
@ -94,15 +97,16 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https://
|
||||
|
||||
[Visit getsession.org](https://getsession.org/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://getsession.org/windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://getsession.org/mac)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1470168868)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.getsession.org/linux)
|
||||
- [:fontawesome-brands-android: Android](https://fdroid.getsession.org/)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
|
||||
- [:pg-f-droid: F-Droid](https://fdroid.getsession.org)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/oxen-io/session-desktop)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://getsession.org/windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://getsession.org/mac)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1470168868)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.getsession.org/linux)
|
||||
- [:fontawesome-brands-android: Android](https://fdroid.getsession.org/)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
|
||||
- [:pg-f-droid: F-Droid](https://fdroid.getsession.org)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/oxen-io/session-desktop)
|
||||
|
||||
Session allows for E2EE in one-to-one or closed rooms that allow up to 100 members. Open rooms have no restriction on the number of members, but anyone can join.
|
||||
|
||||
|
||||
@ -6,9 +6,6 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
|
||||
|
||||
### OpenWrt
|
||||
|
||||
!!! note
|
||||
Consult the [Table of Hardware](https://openwrt.org/toh/start) to check if your device is supported.
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
@ -18,8 +15,11 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
|
||||
|
||||
[Visit openwrt.org](https://openwrt.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-git: Source](https://git.openwrt.org)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-git: Source](https://git.openwrt.org)
|
||||
|
||||
You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.
|
||||
|
||||
### pfSense
|
||||
|
||||
@ -32,7 +32,8 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
|
||||
|
||||
[Visit pfsense.org](https://www.pfsense.org){ .md-button .md-button--primary } [Privacy Policy](https://www.pfsense.org/privacy.html){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/pfsense)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/pfsense)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -20,9 +20,7 @@ Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your thr
|
||||
|
||||
[Visit duckduckgo.com](https://duckduckgo.com){ .md-button .md-button--primary } [:pg-tor:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .md-button } [Privacy Policy](https://duckduckgo.com/privacy){ .md-button }
|
||||
|
||||
!!! note
|
||||
|
||||
DuckDuckGo is based in the 🇺🇸 US. Their [Privacy Policy](https://duckduckgo.com/privacy) states they do log your search query, but not your IP or any other identifying information.
|
||||
DuckDuckGo is based in the :flag_us: US. Their [Privacy Policy](https://duckduckgo.com/privacy) states they **do** log your search query, but not your IP or any other identifying information.
|
||||
|
||||
DuckDuckGo has a [lite](https://duckduckgo.com/lite) and [html](https://duckduckgo.com/html) only version, both of which [do not require JavaScript](https://help.duckduckgo.com/features/non-javascript) and can be used with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) (append [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version).
|
||||
|
||||
@ -36,9 +34,7 @@ DuckDuckGo has a [lite](https://duckduckgo.com/lite) and [html](https://duckduck
|
||||
|
||||
[Visit startpage.com](https://www.startpage.com){ .md-button .md-button--primary } [Privacy Policy](https://www.startpage.com/en/privacy-policy){ .md-button }
|
||||
|
||||
!!! note
|
||||
|
||||
Startpage is based in the 🇳🇱 Netherlands. According to their [Privacy Policy](https://www.startpage.com/en/privacy-policy/), they only log details such as: operating system, type of browser and language. They do not log your IP address, search queries or other identifying information. Startpage proxies Google Search so Google does have access to your search queries.
|
||||
Startpage is based in the :flag_nl: Netherlands. According to their [Privacy Policy](https://www.startpage.com/en/privacy-policy/), they only log details such as: operating system, type of browser and language. They do not log your IP address, search queries or other identifying information. Startpage proxies Google Search so Google does have access to your search queries.
|
||||
|
||||
Startpage's majority shareholder is System1 who is an adtech company. We don't think that is an issue as they have their own Privacy Policy. The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) for clarification and was satisfied by the answers we received.
|
||||
|
||||
@ -52,9 +48,7 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't t
|
||||
|
||||
[Visit mojeek.com](https://www.mojeek.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mojeek.com/about/privacy){ .md-button }
|
||||
|
||||
!!! note
|
||||
|
||||
The company is based in the 🇬🇧 UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged.
|
||||
The company is based in the :flag_gb: UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged.
|
||||
|
||||
### Searx
|
||||
|
||||
@ -66,8 +60,9 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't t
|
||||
|
||||
[Visit searx.github.io](https://searx.github.io/searx){ .md-button .md-button--primary } [:pg-tor:](http://searxspbitokayvkhzhsnljde7rqmn7rvoga6e4waeub3h7ug3nghoad.onion){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/asciimoo/searx)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/asciimoo/searx)
|
||||
|
||||
Searx is a proxy between the user and the search engines it aggregates from. Your search queries will still be sent to the search engines that Searx gets its results from.
|
||||
|
||||
|
||||
@ -96,7 +96,7 @@ If a website or service supports WebAuthn for the authentication, it is highly r
|
||||
|
||||
We have these general recommendations:
|
||||
|
||||
### Which method should I use?
|
||||
### Which Method Should I Use?
|
||||
|
||||
When configuring your MFA method, keep in mind that it is only as secure as your weakest authentication method you use. This means it is important that you only use the best MFA method available. For instance, if you are already using TOTP, you should disable email and SMS MFA. If you are already using FIDO2/WebAuthn, you should not be using Yubico OTP or TOTP on your account.
|
||||
|
||||
@ -106,9 +106,9 @@ You should always have backups for your MFA method. Hardware security keys can g
|
||||
|
||||
When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g [VeraCrypt](../encryption.md#veracrypt)).
|
||||
|
||||
### Initial setup
|
||||
### Initial Set Up
|
||||
|
||||
When buying a security key, it is important that you change the default credentials, setup password protection for the key, and enable touch confirmation if your key supports it. Products such as the YubiKey) have multiple interfaces with separate credentials for each one of them, so you should go over each interface and set up protection as well.
|
||||
When buying a security key, it is important that you change the default credentials, set up password protection for the key, and enable touch confirmation if your key supports it. Products such as the YubiKey) have multiple interfaces with separate credentials for each one of them, so you should go over each interface and set up protection as well.
|
||||
|
||||
### Email and SMS
|
||||
|
||||
@ -118,7 +118,7 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
|
||||
|
||||
[MFA tools we recommend](../multi-factor-authentication.md){ .md-button }
|
||||
|
||||
## More places to setup MFA
|
||||
## More Places to Set Up MFA
|
||||
|
||||
Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
|
||||
|
||||
@ -144,7 +144,7 @@ The command will prevent an adversary from bypassing MFA when the computer boots
|
||||
|
||||
!!! warning
|
||||
|
||||
If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you setup a proper hostname for your computer before following this guide.
|
||||
If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide.
|
||||
|
||||
The `pam_u2f` module on Linux can provide two factor authentication for user login on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS.
|
||||
|
||||
@ -154,7 +154,7 @@ Qubes OS has support for Challenge-Response authentication with YubiKeys. If you
|
||||
|
||||
### SSH
|
||||
|
||||
#### Hardware security keys
|
||||
#### Hardware Security Keys
|
||||
|
||||
SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH/) on how to set this up.
|
||||
|
||||
|
||||
@ -16,17 +16,18 @@ If you are currently browsing clearnet and want to access the dark web, this sec
|
||||
|
||||
[Visit torproject.org](https://www.torproject.org){ .md-button .md-button--primary } [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/security/tor)
|
||||
- [:pg-openbsd: OpenBSD](https://openports.se/net/tor)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/net/tor)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://support.torproject.org/tormobile/tormobile-7/)
|
||||
- [:fontawesome-brands-android: Android](https://www.torproject.org/download/#android)
|
||||
- [:fontawesome-brands-git: Source](https://gitweb.torproject.org/tor.git)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/security/tor)
|
||||
- [:pg-openbsd: OpenBSD](https://openports.se/net/tor)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/net/tor)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||||
- [:pg-f-droid: F-Droid](https://support.torproject.org/tormobile/tormobile-7/)
|
||||
- [:fontawesome-brands-android: Android](https://www.torproject.org/download/#android)
|
||||
- [:fontawesome-brands-git: Source](https://gitweb.torproject.org/tor.git)
|
||||
|
||||
### Invisible Internet Project
|
||||
|
||||
@ -39,17 +40,18 @@ If you are currently browsing clearnet and want to access the dark web, this sec
|
||||
|
||||
[Visit geti2p.net](https://geti2p.net){ .md-button .md-button--primary } [:pg-i2p:](http://i2p-projekt.i2p){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://geti2p.net/en/download#windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://geti2p.net/en/download#mac)
|
||||
- [:fontawesome-brands-linux: Linux](https://geti2p.net/en/download#unix)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/security/i2p)
|
||||
- [:pg-openbsd: OpenBSD](https://openports.se/net/i2pd)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/wip/i2pd)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/app/net.i2p.android.router)
|
||||
- [:fontawesome-brands-android: Android](https://download.i2p2.de/android/current/)
|
||||
- [:fontawesome-brands-git: Source](https://geti2p.net/en/get-involved/guides/new-developers#getting-the-i2p-code)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://geti2p.net/en/download#windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://geti2p.net/en/download#mac)
|
||||
- [:fontawesome-brands-linux: Linux](https://geti2p.net/en/download#unix)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/security/i2p)
|
||||
- [:pg-openbsd: OpenBSD](https://openports.se/net/i2pd)
|
||||
- [:pg-netbsd: NetBSD](https://pkgsrc.se/wip/i2pd)
|
||||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
|
||||
- [:pg-f-droid: F-Droid](https://f-droid.org/app/net.i2p.android.router)
|
||||
- [:fontawesome-brands-android: Android](https://download.i2p2.de/android/current/)
|
||||
- [:fontawesome-brands-git: Source](https://geti2p.net/en/get-involved/guides/new-developers#getting-the-i2p-code)
|
||||
|
||||
### The Freenet Project
|
||||
|
||||
@ -61,13 +63,14 @@ If you are currently browsing clearnet and want to access the dark web, this sec
|
||||
|
||||
[Visit freenetproject.org/](https://freenetproject.org){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://freenetproject.org/pages/download.html#windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://freenetproject.org/pages/download.html#os-x)
|
||||
- [:fontawesome-brands-linux: Linux](https://freenetproject.org/pages/download.html#gnulinux-posix)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
|
||||
- [:pg-openbsd: OpenBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
|
||||
- [:pg-netbsd: NetBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/freenet/)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://freenetproject.org/pages/download.html#windows)
|
||||
- [:fontawesome-brands-apple: macOS](https://freenetproject.org/pages/download.html#os-x)
|
||||
- [:fontawesome-brands-linux: Linux](https://freenetproject.org/pages/download.html#gnulinux-posix)
|
||||
- [:fontawesome-brands-freebsd: FreeBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
|
||||
- [:pg-openbsd: OpenBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
|
||||
- [:pg-netbsd: NetBSD](https://freenetproject.org/pages/download.html#gnulinux-posix)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/freenet/)
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -7,8 +7,7 @@ When sharing files, it's important to remove associated metadata. Image files co
|
||||
|
||||
While there are plenty of metadata removal tools, they typically aren't convenient to use. The guides featured here aim to detail how to integrate metadata removal tools in a simple fashion by utilizing easy-to-access system features.
|
||||
|
||||
!!! tip "Related"
|
||||
For a list of the metadata removal tools that we recommend, visit our [metadata removal tools](../metadata-removal-tools.md) page.
|
||||
- [Recommended metadata removal tools :material-arrow-right:](../metadata-removal-tools.md)
|
||||
|
||||
## macOS
|
||||
|
||||
@ -41,14 +40,14 @@ Shortcuts is quite intuitive to work with, so if you don't like the behavior dem
|
||||
|
||||
2. In the shortcut's options, check **Use as Quick Action** and **Finder**
|
||||
|
||||
3. Setup the retrieval options:
|
||||
3. Set up the retrieval options:
|
||||
|
||||
- Receive **Images, Media, and PDFs** input from **Quick Actions**
|
||||
- If there is no input select **Continue**
|
||||
|
||||
4. Add the **Run Shell Script** action to the shortcut. You may need to enable **Allow Running Scripts** in Shortcut.app's settings
|
||||
|
||||
5. Setup the shell script action:
|
||||
5. Set up the shell script action:
|
||||
- Select **zsh** from the shell list
|
||||
- Set the input to **Shortcut Input**
|
||||
- Select **as arguments** for the pass input
|
||||
|
||||
@ -125,20 +125,25 @@ h1, h2, h3, .md-header__topic {
|
||||
max-width: 150px;
|
||||
}
|
||||
|
||||
.md-typeset .admonition.anonyimity,
|
||||
.md-typeset details.anonyimity {
|
||||
border-color: rgb(43, 155, 70);
|
||||
.md-typeset .admonition.downloads,
|
||||
.md-typeset details.downloads {
|
||||
border: none;
|
||||
}
|
||||
.md-typeset .anonyimity > .admonition-title,
|
||||
.md-typeset .anonyimity > summary {
|
||||
background-color: rgba(43, 155, 70, 0.1);
|
||||
border-color: rgb(43, 155, 70);
|
||||
.md-typeset .downloads > .admonition-title,
|
||||
.md-typeset .downloads > summary {
|
||||
background-color: rgba(43, 155, 70, 0.0);
|
||||
border: none;
|
||||
padding-left: 0.6rem;
|
||||
}
|
||||
.md-typeset .anonyimity > .admonition-title::before,
|
||||
.md-typeset .anonyimity > summary::before {
|
||||
background-color: rgb(43, 155, 70);
|
||||
-webkit-mask-image: var(--md-admonition-icon--success);
|
||||
mask-image: var(--md-admonition-icon--success);
|
||||
.md-typeset .downloads > .admonition-title::before,
|
||||
.md-typeset .downloads > .admonition-title,
|
||||
.md-typeset .downloads > summary::before {
|
||||
background-color: var( --md-typeset-a-color);
|
||||
-webkit-mask-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16' fill='currentColor' class='bi bi-arrow-down-circle-fill' viewBox='0 0 16 16'%3E%3Cpath d='M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8.5 4.5a.5.5 0 0 0-1 0v5.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V4.5z'/%3E%3C/svg%3E");
|
||||
mask-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16' fill='currentColor' class='bi bi-arrow-down-circle-fill' viewBox='0 0 16 16'%3E%3Cpath d='M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8.5 4.5a.5.5 0 0 0-1 0v5.793L5.354 8.146a.5.5 0 1 0-.708.708l3 3a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V4.5z'/%3E%3C/svg%3E");
|
||||
}
|
||||
.md-typeset .downloads > summary::after {
|
||||
right:auto;
|
||||
}
|
||||
|
||||
/* Correct page icon size */
|
||||
|
||||
@ -163,7 +163,7 @@ Governments, in particular [China](https://www.zdnet.com/article/china-is-now-bl
|
||||
|
||||
### Online Certificate Status Protocol (OCSP)
|
||||
|
||||
Another way your browser can disclose your browsing activities is with the [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). When visiting a [HTTPS](https://en.wikipedia.org/wiki/HTTPS) website, the browser might check to see if the website's [certificate](https://en.wikipedia.org/wiki/Public_key_certificate) has been revoked. This is generally done through the HTTP protocol, meaning it is **not** encrypted.
|
||||
Another way your browser can disclose your browsing activities is with the [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). When visiting a HTTPS website, the browser might check to see if the website's [certificate](https://en.wikipedia.org/wiki/Public_key_certificate) has been revoked. This is generally done through the HTTP protocol, meaning it is **not** encrypted.
|
||||
|
||||
The OCSP request contains the certificate "[serial number](https://en.wikipedia.org/wiki/Public_key_certificate#Common_fields)", which is unique. It is sent to the "OCSP responder" in order to check its status.
|
||||
|
||||
|
||||
@ -170,7 +170,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN.
|
||||
|
||||
If you're looking for added **security**, you should always ensure you're connecting to websites using [HTTPS](https://en.wikipedia.org/wiki/HTTPS). A VPN is not a replacement for good security practices.
|
||||
If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
|
||||
|
||||
[Learn more :material-arrow-right:](vpn.md)
|
||||
|
||||
@ -206,6 +206,8 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
- { .twemoji } [Joplin](https://joplinapp.org/)
|
||||
- { .twemoji } [Standard Notes](https://standardnotes.org/)
|
||||
- { .twemoji } [EteSync Notes](https://www.etesync.com/)
|
||||
- { .twemoji } [Org-mode](https://orgmode.org/)
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
@ -8,33 +8,30 @@ The primary threat when using a video streaming platform is that your streaming
|
||||
|
||||
### FreeTube
|
||||
|
||||
!!! Warning
|
||||
|
||||
When using FreeTube, your IP address is still known to YouTube, [Invidious](https://instances.invidious.io) and the SponsorBlock instances that you use. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](threat-modeling.md) requires hiding your IP address.
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
|
||||
**FreeTube** is a free and open source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device.
|
||||
|
||||
FreeTube also features [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored advertisements. All YouTube advertisements are also blocked by default.
|
||||
By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
|
||||
|
||||
[Visit freetubeapp.io](https://freetubeapp.io){ .md-button .md-button--primary } [Privacy Policy](https://freetubeapp.io/privacy.php){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://freetubeapp.io/#download)
|
||||
- [:fontawesome-brands-apple: macOS](https://freetubeapp.io/#download)
|
||||
- [:fontawesome-brands-linux: Linux](https://freetubeapp.io/#download)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/FreeTubeApp/FreeTube/)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://freetubeapp.io/#download)
|
||||
- [:fontawesome-brands-apple: macOS](https://freetubeapp.io/#download)
|
||||
- [:fontawesome-brands-linux: Linux](https://freetubeapp.io/#download)
|
||||
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/FreeTubeApp/FreeTube/)
|
||||
|
||||
!!! Warning
|
||||
|
||||
When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](threat-modeling.md) requires hiding your IP address.
|
||||
|
||||
### LBRY
|
||||
|
||||
!!! note
|
||||
|
||||
Only the **LBRY desktop client** is recommended. The [Odysee](https://odysee.com) website and the LBRY clients in F-Droid, Play Store, and the AppStore have mandatory synchronization and telemetry.
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
@ -45,11 +42,16 @@ The primary threat when using a video streaming platform is that your streaming
|
||||
|
||||
[Visit lbry.com](https://lbry.com){ .md-button .md-button--primary } [Privacy Policy](https://lbry.com/privacypolicy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-windows: Windows](https://lbry.com/get)
|
||||
- [:fontawesome-brands-apple: macOS](https://lbry.com/osx)
|
||||
- [:fontawesome-brands-linux: Linux](https://lbry.com/linux)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/lbryio)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-windows: Windows](https://lbry.com/get)
|
||||
- [:fontawesome-brands-apple: macOS](https://lbry.com/osx)
|
||||
- [:fontawesome-brands-linux: Linux](https://lbry.com/linux)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/lbryio)
|
||||
|
||||
!!! note
|
||||
|
||||
Only the **LBRY desktop client** is recommended, as the [Odysee](https://odysee.com) website and the LBRY clients in F-Droid, Play Store, and the App Store have mandatory synchronization and telemetry.
|
||||
|
||||
!!! warning
|
||||
|
||||
@ -57,7 +59,7 @@ The primary threat when using a video streaming platform is that your streaming
|
||||
|
||||
We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel.
|
||||
|
||||
You can disable *Save hosting data to help the LBRY network* option (⚙️ Settings → Advanced Settings) to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time.
|
||||
You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time.
|
||||
|
||||
### NewPipe
|
||||
|
||||
@ -71,9 +73,10 @@ You can disable *Save hosting data to help the LBRY network* option (⚙️ Set
|
||||
|
||||
[Visit newpipe.net](https://newpipe.net){ .md-button .md-button--primary } [Privacy Policy](https://newpipe.net/legal/privacy){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-android: F-Droid repo](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/TeamNewPipe/NewPipe)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-android: F-Droid repo](https://newpipe.net/FAQ/tutorials/install-add-fdroid-repo)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/TeamNewPipe/NewPipe)
|
||||
|
||||
!!! note
|
||||
|
||||
@ -81,7 +84,7 @@ You can disable *Save hosting data to help the LBRY network* option (⚙️ Set
|
||||
|
||||
#### SponsorBlock
|
||||
|
||||
*NewPipe x SponsorBlock* is a fork of [NewPipe](https://newpipe.net) with [SponsorBlock](https://sponsor.ajay.app) integrated to help you skip sponsored advertisements.
|
||||
*NewPipe x SponsorBlock* is a fork of [NewPipe](https://newpipe.net) with [SponsorBlock](https://sponsor.ajay.app) integrated to help you skip sponsored video segments.
|
||||
|
||||
It also has integration with [Return YouTube Dislike](https://returnyoutubedislike.com), and some experimental settings such as the ability to use the built-in player for local playback, an option to force fullscreen on landscape mode, and an option to disable error reporting prompts.
|
||||
|
||||
@ -93,10 +96,6 @@ This fork is not endorsed by or affiliated with the upstream project. The NewPip
|
||||
|
||||
### Invidious
|
||||
|
||||
!!! warning
|
||||
|
||||
Invidious does not proxy the video stream through its server by default. Videos watched through Invidious will still make direct connections to Google's servers (googlevideo.com); however, some instances support video proxying. This can be enabled by adding `&local=true` to the URL.
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
@ -106,9 +105,14 @@ This fork is not endorsed by or affiliated with the upstream project. The NewPip
|
||||
|
||||
[Visit invidious.io](https://invidious.io){ .md-button .md-button--primary } [Privacy Policy](){ .md-button }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-solid-earth-americas: Instances](https://instances.invidious.io)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/iv-org/invidious)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-solid-earth-americas: Instances](https://instances.invidious.io)
|
||||
- [:fontawesome-brands-github: Source](https://github.com/iv-org/invidious)
|
||||
|
||||
!!! warning
|
||||
|
||||
Invidious does not proxy the video stream through its server by default. Videos watched through Invidious will still make direct connections to Google's servers (googlevideo.com); however, some instances support video proxying. This can be enabled by adding `&local=true` to the URL.
|
||||
|
||||
!!! tip
|
||||
|
||||
@ -130,8 +134,9 @@ When you are using an Invidious instance, be sure to go read the Privacy Policy
|
||||
|
||||
[Visit piped.kavin.rocks](https://piped.kavin.rocks/){ .md-button .md-button--primary }
|
||||
|
||||
**Downloads**
|
||||
- [:fontawesome-brands-github: Source](https://github.com/TeamPiped/Piped)
|
||||
??? downloads
|
||||
|
||||
- [:fontawesome-brands-github: Source](https://github.com/TeamPiped/Piped)
|
||||
|
||||
!!! tip
|
||||
|
||||
|
||||
@ -11,11 +11,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN.
|
||||
|
||||
If you're looking for added **security**, you should always ensure you're connecting to websites using [HTTPS](https://en.wikipedia.org/wiki/HTTPS). A VPN is not a replacement for good security practices.
|
||||
If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
|
||||
|
||||
[Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button }
|
||||
|
||||
??? info "When are VPNs useful?"
|
||||
??? question "When are VPNs useful?"
|
||||
|
||||
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved.
|
||||
|
||||
@ -23,7 +23,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
## Recommended Providers
|
||||
|
||||
!!! example "Criteria"
|
||||
!!! summary "Criteria"
|
||||
|
||||
Our recommended providers are outside the US, use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information.
|
||||
|
||||
|
||||
@ -1,48 +1,74 @@
|
||||
<!-- markdownlint-disable -->
|
||||
*[2FA]: 2-Factor Authentication
|
||||
*[ADB]: Android Debug Bridge
|
||||
*[AOSP]: Android Open Source Project
|
||||
*[attack surface]: The attack surface of software or hardware is the sum of the different places an unauthorized user (the "attacker") can try to enter data to or extract data from.
|
||||
*[AVB]: Android Verified Boot
|
||||
*[DNS]: Domain Name System
|
||||
*[CLI]: Command Line Interface
|
||||
*[CSV]: Comma-Separated Values
|
||||
*[CVE]: Common Vulnerabilities and Exposures
|
||||
*[DNSSEC]: Domain Name System Security Extensions
|
||||
*[DNS]: Domain Name System
|
||||
*[DoH]: DNS over HTTPS
|
||||
*[DoT]: DNS over TLS
|
||||
*[ECS]: EDNS Client Subnet
|
||||
*[Exif]: Exchangeable image file format
|
||||
*[E2EE]: End-to-End Encryption/Encrypted
|
||||
*[ECS]: EDNS Client Subnet
|
||||
*[EOL]: End-of-Life
|
||||
*[Exif]: Exchangeable image file format
|
||||
*[FDE]: Full Disk Encryption
|
||||
*[FIDO]: Fast IDentity Online
|
||||
*[GnuPG]: GNU Privacy Guard (PGP implementation)
|
||||
*[fork]: In software development, a fork is created when developers take a copy of source code from one software package and start independent development on it, creating a distinct and separate piece of software.
|
||||
*[GPG]: GNU Privacy Guard (PGP implementation)
|
||||
*[GPS]: Global Positioning System
|
||||
*[HTTP]: Hypertext Transfer Protocol
|
||||
*[GUI]: Graphical User Interface
|
||||
*[GnuPG]: GNU Privacy Guard (PGP implementation)
|
||||
*[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password
|
||||
*[HTTPS]: Hypertext Transfer Protocol Secure
|
||||
*[HTTP]: Hypertext Transfer Protocol
|
||||
*[I2P]: Invisible Internet Project
|
||||
*[ICCID]: Integrated Circuit Card Identifier
|
||||
*[IMAP]: Internet Message Access Protocol
|
||||
*[IMEI]: International Mobile Equipment Identity
|
||||
*[IMSI]: International Mobile Subscriber Identity
|
||||
*[IP]: Internet Protocol
|
||||
*[IPv4]: Internet Protocol version 4
|
||||
*[IPv6]: Internet Protocol version 6
|
||||
*[ISP]: Internet Service Provider
|
||||
*[ISPs]: Internet Service Providers
|
||||
*[I2P]: Invisible Internet Project
|
||||
*[JNI]: Java Native Interface
|
||||
*[LUKS]: Linux Unified Key Setup (Full-Disk Encryption)
|
||||
*[MAC]: Media Access Control
|
||||
*[MEID]: Mobile Equipment Identifier
|
||||
*[MFA]: Multi-Factor Authentication
|
||||
*[OCSP]: Online Certificate Status Protocol
|
||||
*[OEM]: Original Equipment Manufacturer
|
||||
*[OEMs]: Original Equipment Manufacturers
|
||||
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
|
||||
*[OS]: Operating System
|
||||
*[OTP]: One-Time Password
|
||||
*[OTPs]: One-Time Passwords
|
||||
*[PGP]: Pretty Good Privacy (see OpenPGP)
|
||||
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
|
||||
*[P2P]: Peer-to-Peer
|
||||
*[PGP]: Pretty Good Privacy (see OpenPGP)
|
||||
*[QNAME]: Qualified Name
|
||||
*[SaaS]: Software as a Service (cloud software)
|
||||
*[rolling release]: An update release cycle in which updates are released very frequently, instead of at set intervals.
|
||||
*[RSS]: Really Simple Syndication
|
||||
*[SELinux]: Security-Enhanced Linux
|
||||
*[SIM]: Subscriber Identity Module
|
||||
*[SMS]: Short Message Service (standard text messaging)
|
||||
*[SMTP]: Simple Mail Transfer Protocol
|
||||
*[SNI]: Server Name Indication
|
||||
*[SSH]: Secure Shell
|
||||
*[SaaS]: Software as a Service (cloud software)
|
||||
*[SoC]: System on Chip
|
||||
*[TCP]: Transmission Control Protocol
|
||||
*[TEE]: Trusted Execution Environment
|
||||
*[TLS]: Transport Layer Security
|
||||
*[TOTP]: Time-based One-Time Password
|
||||
*[UDP]: User Datagram Protocol
|
||||
*[TPM]: Trusted Platform Module
|
||||
*[U2F]: Universal 2nd Factor
|
||||
*[VoIP]: Voice over IP (Internet Protocol)
|
||||
*[UDP]: User Datagram Protocol
|
||||
*[VPN]: Virtual Private Network
|
||||
*[VoIP]: Voice over IP (Internet Protocol)
|
||||
*[W3C]: World Wide Web Consortium
|
||||
*[2FA]: 2-Factor Authentication
|
||||
*[XMPP]: Extensible Messaging and Presence Protocol
|
||||
*[cgroups]: Control Groups
|
||||
|
||||
@ -104,6 +104,7 @@ markdown_extensions:
|
||||
- footnotes
|
||||
- toc:
|
||||
permalink: true
|
||||
toc_depth: 4
|
||||
|
||||
extra_javascript:
|
||||
- javascripts/mathjax.js
|
||||
@ -115,9 +116,8 @@ nav:
|
||||
- 'threat-modeling.md'
|
||||
- 'technology/dns.md'
|
||||
- 'security/multi-factor-authentication.md'
|
||||
- 'Mobile Devices':
|
||||
- 'Android':
|
||||
- 'android/overview.md'
|
||||
- 'android/security.md'
|
||||
- 'android/grapheneos-vs-calyxos.md'
|
||||
- 'Linux':
|
||||
- 'linux-desktop/overview.md'
|
||||
|
||||
Reference in New Issue
Block a user