privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-04 02:22:38 +00:00
Code Issues Activity

Compare commits

base: privacyguides:v2.4.18
Branches Tags
privacyguides:main privacyguides:kpham42-brave privacyguides:osmand-data privacyguides:pr-remove-stingle privacyguides:mullvad-leta privacyguides:ente-free privacyguides:tuta-download-links privacyguides:self-hosting-pt-2 privacyguides:update-contributors-2025-06-10 privacyguides:libretranslate privacyguides:send-and-instances privacyguides:EmAtPrivacyGuides-patch-1 privacyguides:ltex-vscode privacyguides:emphasize-docs privacyguides:kpham42-getting-started-publishing privacyguides:android-user-profiles privacyguides:kpham42-getting-started-targeted-attacks privacyguides:kpham42-getting-started-section-mass-surveillance privacyguides:kpham42-getting-started-big-tech-patch privacyguides:blacklight447-patch-2 privacyguides:recall privacyguides:revert-2790 privacyguides:brave-tor-windows privacyguides:getting-started-section privacyguides:ai-chat-cloud privacyguides:simplex-group privacyguides:pr-add_windscribe privacyguides:blacklight447-patch-1 privacyguides:volunteer-policies privacyguides:russian-service-providers privacyguides:signal-desktop privacyguides:jonaharagon/remove-nitrokey privacyguides:jonaharagon/security-keys privacyguides:jonaharagon/fingerprinting privacyguides:jonaharagon/remove-startpage privacyguides:all-contributors/add-lamtrinhdev privacyguides:magic privacyguides:pr-add_vanadium privacyguides:all-contributors/add-dzenan privacyguides:all-contributors/add-merlinscholz privacyguides:all-contributors/add-paulverbeke privacyguides:all-contributors/add-rollsicecream privacyguides:all-contributors/add-redoomed1 privacyguides:all-contributors/add-PoorPocketsMcNewHold privacyguides:all-contributors/add-r2fo privacyguides:all-contributors/add-dioxias privacyguides:all-contributors/add-ph00lt0 privacyguides:production privacyguides:jonaharagon/remove-standard-notes privacyguides:blacklight447-ptio-patch-5 privacyguides:mfmyfw-pr-info privacyguides:mfmyfw-pr-mac privacyguides:blacklight447-ptio-patch-4 privacyguides:blacklight447-ptio-patch-3 privacyguides:pr/1659 privacyguides:jonaharagon/voip privacyguides:pr-Revolut privacyguides:pr-libredirect privacyguides:health
privacyguides:2025.06.03 privacyguides:2025.05.04 privacyguides:2025.04.15 privacyguides:2025.03.17 privacyguides:2025.03.13 privacyguides:2025.03.05 privacyguides:2025.02.14 privacyguides:2025.02.07 privacyguides:2025.01.25 privacyguides:2025.01.17 privacyguides:2024.12.25 privacyguides:2024.12.14 privacyguides:2024.11.30 privacyguides:2024.11.26 privacyguides:2024.11.17 privacyguides:2024.11.14 privacyguides:2024.11.11 privacyguides:2024.10.28-8f7de57 privacyguides:2024.10.28 privacyguides:2024.09.08 privacyguides:2024.08.21 privacyguides:2024.08.19 privacyguides:2024.08.05 privacyguides:2024.08.01 privacyguides:2024.07.29-a58f090 privacyguides:2024.07.29 privacyguides:2024.07.28 privacyguides:2024.07.21 privacyguides:2024.07.15 privacyguides:2024.07.14 privacyguides:2024.06.01 privacyguides:2024.05.31 privacyguides:2024.05.22 privacyguides:2024.05.20 privacyguides:2024.04.16 privacyguides:2024.04.14 privacyguides:2024.04.11 privacyguides:2024.04.10 privacyguides:2024.04.08-a1b01b8b privacyguides:2024.04.08 privacyguides:2024.04.02 privacyguides:2024.03.31-82ab189d privacyguides:2024.03.31 privacyguides:v3.22 privacyguides:v3.21 privacyguides:v3.20.1 privacyguides:v3.20 privacyguides:v3.19 privacyguides:v3.18 privacyguides:v3.17 privacyguides:v3.16 privacyguides:v3.15 privacyguides:v3.14 privacyguides:v3.13 privacyguides:v3.12.2 privacyguides:v3.12.1 privacyguides:v3.12 privacyguides:v3.11.1 privacyguides:v3.11 privacyguides:v3.10 privacyguides:v3.9.2 privacyguides:v3.9.1 privacyguides:v3.9 privacyguides:v3.8 privacyguides:v3.7 privacyguides:v3.6.1 privacyguides:v3.6 privacyguides:v3.5 privacyguides:v3.4 privacyguides:v3.3 privacyguides:v3.2 privacyguides:v3.1 privacyguides:v3.0 privacyguides:v2.33 privacyguides:v2.32 privacyguides:v2.31 privacyguides:v2.30 privacyguides:v2.29 privacyguides:v2.28 privacyguides:v2.27.1 privacyguides:v2.27 privacyguides:v2.26 privacyguides:v2.25 privacyguides:v2.24 privacyguides:v2.23.1 privacyguides:v2.23 privacyguides:v2.22 privacyguides:v2.21 privacyguides:v2.20 privacyguides:v2.19.3 privacyguides:v2.19.2 privacyguides:v2.19.1 privacyguides:v2.19 privacyguides:v2.18 privacyguides:v2.17.4 privacyguides:v2.17.3 privacyguides:v2.17.2 privacyguides:v2.17.1 privacyguides:v2.17 privacyguides:v2.16.1 privacyguides:v2.16 privacyguides:v2.15 privacyguides:v2.14.2 privacyguides:v2.14.1 privacyguides:v2.14.0 privacyguides:v2.13.0 privacyguides:v2.12.1 privacyguides:v2.12.0 privacyguides:v2.11.1 privacyguides:v2.11.0 privacyguides:v2.10.0 privacyguides:v2.9.1 privacyguides:v2.9.0 privacyguides:v2.8.0 privacyguides:v2.7.1 privacyguides:v2.7.0 privacyguides:v2.6.2 privacyguides:v2.6.1 privacyguides:v2.6.0 privacyguides:v2.5.2 privacyguides:v2.5.1 privacyguides:v2.5.0 privacyguides:v2.4.20 privacyguides:v2.4.19 privacyguides:v2.4.18 privacyguides:v2.4.17 privacyguides:v2.4.16 privacyguides:v2.4.15 privacyguides:v2.4.14 privacyguides:v2.4.13 privacyguides:v2.4.12 privacyguides:v2.4.11 privacyguides:v2.4.10 privacyguides:v2.4.9 privacyguides:v2.4.8 privacyguides:v2.4.7 privacyguides:v2.4.6 privacyguides:v2.4.5 privacyguides:v2.4.4 privacyguides:v2.4.3 privacyguides:v2.4.2 privacyguides:v2.4.1 privacyguides:v2.4.0 privacyguides:v2.3.5 privacyguides:v2.3.4 privacyguides:v2.3.3 privacyguides:v2.3.2 privacyguides:v2.3.1 privacyguides:v2.3.0 privacyguides:v2.2.0 privacyguides:v2.1.2 privacyguides:v2.1.1 privacyguides:v2.1.0 privacyguides:v2.0.2 privacyguides:v2.0.1 privacyguides:v2.0.0 privacyguides:v1.0.0
..
compare: privacyguides:v2.9.1
Branches Tags
privacyguides:kpham42-brave privacyguides:osmand-data privacyguides:pr-remove-stingle privacyguides:mullvad-leta privacyguides:main privacyguides:ente-free privacyguides:tuta-download-links privacyguides:self-hosting-pt-2 privacyguides:update-contributors-2025-06-10 privacyguides:libretranslate privacyguides:send-and-instances privacyguides:EmAtPrivacyGuides-patch-1 privacyguides:ltex-vscode privacyguides:emphasize-docs privacyguides:kpham42-getting-started-publishing privacyguides:android-user-profiles privacyguides:kpham42-getting-started-targeted-attacks privacyguides:kpham42-getting-started-section-mass-surveillance privacyguides:kpham42-getting-started-big-tech-patch privacyguides:blacklight447-patch-2 privacyguides:recall privacyguides:revert-2790 privacyguides:brave-tor-windows privacyguides:getting-started-section privacyguides:ai-chat-cloud privacyguides:simplex-group privacyguides:pr-add_windscribe privacyguides:blacklight447-patch-1 privacyguides:volunteer-policies privacyguides:russian-service-providers privacyguides:signal-desktop privacyguides:jonaharagon/remove-nitrokey privacyguides:jonaharagon/security-keys privacyguides:jonaharagon/fingerprinting privacyguides:jonaharagon/remove-startpage privacyguides:all-contributors/add-lamtrinhdev privacyguides:magic privacyguides:pr-add_vanadium privacyguides:all-contributors/add-dzenan privacyguides:all-contributors/add-merlinscholz privacyguides:all-contributors/add-paulverbeke privacyguides:all-contributors/add-rollsicecream privacyguides:all-contributors/add-redoomed1 privacyguides:all-contributors/add-PoorPocketsMcNewHold privacyguides:all-contributors/add-r2fo privacyguides:all-contributors/add-dioxias privacyguides:all-contributors/add-ph00lt0 privacyguides:production privacyguides:jonaharagon/remove-standard-notes privacyguides:blacklight447-ptio-patch-5 privacyguides:mfmyfw-pr-info privacyguides:mfmyfw-pr-mac privacyguides:blacklight447-ptio-patch-4 privacyguides:blacklight447-ptio-patch-3 privacyguides:pr/1659 privacyguides:jonaharagon/voip privacyguides:pr-Revolut privacyguides:pr-libredirect privacyguides:health
privacyguides:2025.06.03 privacyguides:2025.05.04 privacyguides:2025.04.15 privacyguides:2025.03.17 privacyguides:2025.03.13 privacyguides:2025.03.05 privacyguides:2025.02.14 privacyguides:2025.02.07 privacyguides:2025.01.25 privacyguides:2025.01.17 privacyguides:2024.12.25 privacyguides:2024.12.14 privacyguides:2024.11.30 privacyguides:2024.11.26 privacyguides:2024.11.17 privacyguides:2024.11.14 privacyguides:2024.11.11 privacyguides:2024.10.28-8f7de57 privacyguides:2024.10.28 privacyguides:2024.09.08 privacyguides:2024.08.21 privacyguides:2024.08.19 privacyguides:2024.08.05 privacyguides:2024.08.01 privacyguides:2024.07.29-a58f090 privacyguides:2024.07.29 privacyguides:2024.07.28 privacyguides:2024.07.21 privacyguides:2024.07.15 privacyguides:2024.07.14 privacyguides:2024.06.01 privacyguides:2024.05.31 privacyguides:2024.05.22 privacyguides:2024.05.20 privacyguides:2024.04.16 privacyguides:2024.04.14 privacyguides:2024.04.11 privacyguides:2024.04.10 privacyguides:2024.04.08-a1b01b8b privacyguides:2024.04.08 privacyguides:2024.04.02 privacyguides:2024.03.31-82ab189d privacyguides:2024.03.31 privacyguides:v3.22 privacyguides:v3.21 privacyguides:v3.20.1 privacyguides:v3.20 privacyguides:v3.19 privacyguides:v3.18 privacyguides:v3.17 privacyguides:v3.16 privacyguides:v3.15 privacyguides:v3.14 privacyguides:v3.13 privacyguides:v3.12.2 privacyguides:v3.12.1 privacyguides:v3.12 privacyguides:v3.11.1 privacyguides:v3.11 privacyguides:v3.10 privacyguides:v3.9.2 privacyguides:v3.9.1 privacyguides:v3.9 privacyguides:v3.8 privacyguides:v3.7 privacyguides:v3.6.1 privacyguides:v3.6 privacyguides:v3.5 privacyguides:v3.4 privacyguides:v3.3 privacyguides:v3.2 privacyguides:v3.1 privacyguides:v3.0 privacyguides:v2.33 privacyguides:v2.32 privacyguides:v2.31 privacyguides:v2.30 privacyguides:v2.29 privacyguides:v2.28 privacyguides:v2.27.1 privacyguides:v2.27 privacyguides:v2.26 privacyguides:v2.25 privacyguides:v2.24 privacyguides:v2.23.1 privacyguides:v2.23 privacyguides:v2.22 privacyguides:v2.21 privacyguides:v2.20 privacyguides:v2.19.3 privacyguides:v2.19.2 privacyguides:v2.19.1 privacyguides:v2.19 privacyguides:v2.18 privacyguides:v2.17.4 privacyguides:v2.17.3 privacyguides:v2.17.2 privacyguides:v2.17.1 privacyguides:v2.17 privacyguides:v2.16.1 privacyguides:v2.16 privacyguides:v2.15 privacyguides:v2.14.2 privacyguides:v2.14.1 privacyguides:v2.14.0 privacyguides:v2.13.0 privacyguides:v2.12.1 privacyguides:v2.12.0 privacyguides:v2.11.1 privacyguides:v2.11.0 privacyguides:v2.10.0 privacyguides:v2.9.1 privacyguides:v2.9.0 privacyguides:v2.8.0 privacyguides:v2.7.1 privacyguides:v2.7.0 privacyguides:v2.6.2 privacyguides:v2.6.1 privacyguides:v2.6.0 privacyguides:v2.5.2 privacyguides:v2.5.1 privacyguides:v2.5.0 privacyguides:v2.4.20 privacyguides:v2.4.19 privacyguides:v2.4.18 privacyguides:v2.4.17 privacyguides:v2.4.16 privacyguides:v2.4.15 privacyguides:v2.4.14 privacyguides:v2.4.13 privacyguides:v2.4.12 privacyguides:v2.4.11 privacyguides:v2.4.10 privacyguides:v2.4.9 privacyguides:v2.4.8 privacyguides:v2.4.7 privacyguides:v2.4.6 privacyguides:v2.4.5 privacyguides:v2.4.4 privacyguides:v2.4.3 privacyguides:v2.4.2 privacyguides:v2.4.1 privacyguides:v2.4.0 privacyguides:v2.3.5 privacyguides:v2.3.4 privacyguides:v2.3.3 privacyguides:v2.3.2 privacyguides:v2.3.1 privacyguides:v2.3.0 privacyguides:v2.2.0 privacyguides:v2.1.2 privacyguides:v2.1.1 privacyguides:v2.1.0 privacyguides:v2.0.2 privacyguides:v2.0.1 privacyguides:v2.0.0 privacyguides:v1.0.0

68 Commits
v2.4.18 ... v2.9.1

Author SHA1 Message Date
Jonah Aragon
a52770e1c0 Minify HTML & CSS (#1351) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-30 03:22:50 +09:30
Daniel Gray
f6a25a7dd4 Two broken links in VPN/VPN Overview page (#1358) 2022-05-30 02:33:37 +09:30
Tad
4a25c635ee DivestOS updates (#1359) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-30 02:21:15 +09:30
Jonah Aragon
a29c443a48 Improve Colors and Styles (#1355) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-29 14:25:48 +09:30
lexi
6f27a0e849 Fix typos on VPN services page (#1354) 2022-05-28 17:46:57 -05:00
mfwmyfacewhen
4f20378555 Fix links in linux hardening guide (#1353) 2022-05-28 17:46:17 -05:00
mfwmyfacewhen
072e087487 Data Erasure Grammar Fixes (#1350) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-29 04:26:52 +09:30
Jonah Aragon
547ed4c728 Add brand submodule (#1347) 2022-05-28 13:52:46 -05:00
lexi
bbca7bcbab Fix Briar Flatpak download (#1346) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-29 04:21:31 +09:30
Jonah Aragon
0b70d8689d Separate articles and recommendations (#1173) 
Co-authored-by: Daniel Gray <dng@disroot.org>
 2022-05-03 14:15:20 -05:00
Daniel Gray
4a448189c6 Revert "Remove FairEmail (#1270)" 
This reverts commit abd2fa0ff0.
 2022-05-28 19:31:53 +09:30
lexi
58343b1dd9 Update recommendation card design (#1316) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-28 19:12:54 +09:30
lexi
8b1d9cd9b6 Correct Proton Mail zero-access encryption info (#1339) 2022-05-27 00:29:05 -05:00
Tommy
c38c185efe Various corrections to Linux Pages (#1331) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-27 12:48:24 +09:30
Daniel Gray
b5f4773923 Add Flatpak link for Briar (#1333) 2022-05-26 19:50:56 +09:30
cYDN48
5ff8b083d4 Correct Proton VPN pricing (#1332) 
Co-authored-by: lexi <git@lx-is.lol>
 2022-05-25 20:59:26 -05:00
Daniel Gray
2635aabed7 Minor fixes to various pages (#1327) 2022-05-26 01:32:58 +09:30
Daniel Gray
f335a7e5d2 Remove Handy News Reader (#1320) 2022-05-25 23:45:01 +09:30
Daniel Gray
ba20357cda Add Feeder (#1303) 2022-05-25 23:45:00 +09:30
d4rklynk
641f80db99 Update Proton products to Proton.me (#1319) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-25 23:45:00 +09:30
Beventar
9bb70d2e6b New Proton logos (#1318) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-25 23:17:23 +09:30
Tommy
631b2d2e14 Update the Linux pages (#1307) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-25 23:17:23 +09:30
mfwmyfacewhen
f7a55480fb Add article about erasing data securely (#1256) 
Co-Authored-By: Daniel Gray <dng@disroot.org>
 2022-05-25 23:17:23 +09:30
d4rklynk
0a5286832d Add Pi-hole (#1314) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-25 06:11:27 +09:30
Freddy
e0c11ad21c Removing Jurisdiction Requirements (#937) 
Co-Authored-By: Daniel Gray <dng@disroot.org>
 2022-05-24 17:26:56 +09:30
lexi
ef3986de9d Add Librarian LBRY frontend (#1309) 2022-05-24 01:22:37 -05:00
d4rklynk
bbe9531d05 Minor edit to Tor Browser description (#1308) 2022-05-23 18:08:17 -05:00
Tebowy Seba
0e7da2af19 Remove dangling ControlD reference (#1297) 2022-05-23 09:46:45 -05:00
lexi
03649e16f7 Improve Tor Browser description (#1295) 2022-05-23 00:20:58 -05:00
lexi
9e0b8843d3 Update NewPipe description (#1294) 2022-05-23 00:20:35 -05:00
lexi
39e7f02309 Clarify Neo Store rebranding (#1292) 2022-05-23 00:19:55 -05:00
Daniel Gray
ad19e1de9c Add Brave Search (#1290) 2022-05-22 15:07:55 +09:30
lexi
4bd402c1c7 Remove Mojeek (#1272) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-22 15:04:21 +09:30
Jonah Aragon
d14f33d442 Meet color accessibility standards (#1287) 2022-05-21 20:58:24 -05:00
lexi
4d6a57689a Update 'Common Threats' article (#1285) 
Co-authored-by: Jonah Aragon <jonah@triplebit.net>
 2022-05-21 20:55:12 -05:00
lexi
c438cac4e8 Change the light switch (sun/moon) (#1289) 2022-05-21 20:50:35 -05:00
Jonah Aragon
ca9e725d0a Listing common threat examples (#1276) 
Co-authored-by: Tommy <contact@tommytran.io>
Co-authored-by: mfwmyfacewhen <94880365+mfwmyfacewhen@users.noreply.github.com>
Co-authored-by: lexi <lexi@omg.lol>
 2022-05-21 16:55:14 -05:00
lexi
aba833d617 Improve README images (#1283) 
Co-authored-by: Jonah Aragon <jonah@triplebit.net>
 2022-05-20 18:51:59 -05:00
lexi
b5cc57267e Update Startpage mini icons (#1282) 2022-05-20 18:41:05 -05:00
Jonah Aragon
718b915991 Link to internal pages from overview (#1274) 2022-05-20 13:48:04 -05:00
Jonah Aragon
2d36716977 Improve Snowflake section and extension warnings (#1275) 
Co-Authored-By: lexi <git@lx-is.lol>
 2022-05-19 20:42:18 -05:00
Jonah Aragon
6d7bacd22a Update dependabot configuration 2022-05-19 16:55:24 -05:00
Jonah Aragon
a3f33c2ea0 Update mkdocs-material-insiders 2022-05-19 11:09:35 -05:00
mfwmyfacewhen
d66ee4ab60 Change Snowflake extension to Snowflake site (#1271) 2022-05-18 20:10:43 -05:00
0rdinant
abd2fa0ff0 Remove FairEmail (#1270) 2022-05-18 19:28:56 -05:00
d4rklynk
9af610ef9e Add warning to avoid third-party extensions on Brave (#1269) 2022-05-18 17:37:21 -05:00
d4rklynk
75a37bd07f Change 'MullvadDNS' to 'Mullvad' on Overview (#1267) 2022-05-18 13:54:35 -05:00
Jonah Aragon
6cbbfe1cde Update local development instructions 
Closes #1183: See https://github.com/privacyguides/privacyguides.org/issues/1183#issuecomment-1126581848
 2022-05-18 13:48:40 -05:00
Daniel Gray
a3e87e1d47 Fix spelling mistake in search engines 2022-05-18 20:15:14 +09:30
d4rklynk
8b30b59ab4 Change Tor Browser warning to danger (#1261) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-18 11:42:56 +09:30
lexi
3b74b60401 Update VPN providers' # of countries (#1262) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-18 11:21:03 +09:30
Steven Bach
6f3ffca705 Fix grammar in uBO filter list warning (#1263) 2022-05-17 19:29:22 -05:00
Daniel Gray
c6bf2dcf3e Another way to get apks (#923) 2022-05-17 11:12:42 -05:00
elitejake
9b8d855641 Add additional SyncThing download links (#1257) 2022-05-17 10:50:51 -05:00
lexi
68928f71eb Improvements to the browser page (#1255) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-17 16:12:50 +09:30
lexi
1c8fcd812c Update cloud storage intro description (#1254) 2022-05-16 15:09:32 -05:00
mfwmyfacewhen
7c1a693dec Edit uBlockOrigin to not recommend installing all filter lists (#1238) 2022-05-16 11:13:11 -04:00
Jonah Aragon
fa8e48aa43 Remove Disroot email recommendation (#1117) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-16 22:43:08 +09:30
lexi
396a220960 Updates to account deletion article (#1250) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-16 17:06:04 +09:30
Daniel Gray
7b24cd39b6 Fix source consistency (#1249) 2022-05-16 14:19:21 +09:30
mfwmyfacewhen
185af90a16 Grammar and wording fixes (#1244) 
Signed-off-by: Daniel Gray <dng@disroot.org>
 2022-05-16 14:01:18 +09:30
lexi
b2f6e52ae8 Rename "email cloaking" to "email aliasing" on overview page (#1245) 2022-05-15 21:35:34 -05:00
lexi
fa835f8b35 Rename "MullvadDNS" to just "Mullvad" (#1246) 2022-05-16 02:32:01 +00:00
lexi
a86c4b6517 Add "learn more" links to subsections (#1243) 2022-05-15 20:37:00 -05:00
d4rklynk
ba1817deb7 Change "Attention" to "Warning" in Warning Box Message (#1242) 2022-05-15 18:45:31 -05:00
lexi
e8db5ce8af Update Safari Privacy Report instruction (#1240) 2022-05-15 16:07:11 -05:00
namazso
0a2cc8aa81 GDPR rights for account deletion (#1239) 2022-05-16 04:50:02 +09:30
Daniel Gray
d2d73c63c4 Move files into basics dir (#1236) 2022-05-16 04:07:37 +09:30
115 changed files with 2345 additions and 1821 deletions
Expand all files Collapse all files

32
.github/dependabot.yml vendored
View File

@ -1,27 +1,29 @@
version: 2
registries:
fortawesome:
type: npm-registry
url: https://npm.fontawesome.com/
token: ${{ secrets.FONTAWESOME_NPM_AUTH_TOKEN }}
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
assignees:
- "jonaharagon"
reviewers:
- "jonaharagon"
labels:
- "fix:github_actions"
- package-ecosystem: "bundler" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "daily"
- package-ecosystem: "npm"
# Maintain dependencies for pipenv
- package-ecosystem: "pip"
directory: "/"
registries:
- fortawesome
ignore:
- dependency-name: "mkdocs-material"
schedule:
interval: "daily"
assignees:
- "jonaharagon"
reviewers:
- "jonaharagon"
labels:
- "fix:python"

3
.gitmodules vendored
View File

@ -1,3 +1,6 @@
[submodule "mkdocs-material-insiders"]
path = mkdocs-material
url = git@github.com:privacyguides/mkdocs-material-insiders.git
[submodule "docs/assets/brand"]
path = docs/assets/brand
url = https://github.com/privacyguides/brand.git

2
.markdownlint.yml
View File

@ -1,5 +1,7 @@
default: true
line-length: false
ul-indent:
indent: 4
no-inline-html: false
code-block-style: false
no-hard-tabs:

1
Pipfile
View File

@ -9,6 +9,7 @@ mkdocs-material = {path = "./mkdocs-material"}
mkdocs-static-i18n = "*"
mkdocs-git-revision-date-localized-plugin = "*"
typing-extensions = "*"
mkdocs-minify-plugin = "*"
[dev-packages]
scour = "*"

274
Pipfile.lock generated
View File

@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
"sha256": "2d68765ce86bf264f0a29d6b9f31202a71615d6aad4653cffc874bd095267d29"
"sha256": "76ed583036efde0ea1b0725942175f9c77c8a04f218b4822cc8dcc0f8174e2f4"
},
"pipfile-spec": 6,
"requires": {
@ -41,10 +41,11 @@
},
"certifi": {
"hashes": [
"sha256:78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872",
"sha256:d62a0163eb4c2344ac042ab2bdf75399a71a2d8c7d47eac2e2ee91b9d6339569"
"sha256:9c5705e395cd70084351dd8ad5c41e65655e08ce46f2ec9cf6c2c08390f71eb7",
"sha256:f1d53542ee8cbedbe2118b5686372fb33c297fcd6379b050cca0ef13a597382a"
],
"version": "==2021.10.8"
"markers": "python_version >= '3.6'",
"version": "==2022.5.18.1"
},
"cffi": {
"hashes": [
@ -106,7 +107,7 @@
"sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
"sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
],
"markers": "python_version >= '3'",
"markers": "python_version >= '3.0'",
"version": "==2.0.12"
},
"click": {
@ -117,6 +118,12 @@
"markers": "python_version >= '3.7'",
"version": "==8.1.3"
},
"csscompressor": {
"hashes": [
"sha256:afa22badbcf3120a4f392e4d22f9fff485c044a1feda4a950ecc5eba9dd31a05"
],
"version": "==0.9.5"
},
"cssselect2": {
"hashes": [
"sha256:3a83b2a68370c69c9cd3fcb88bbfaebe9d22edeef2c22d1ff3e1ed9c7fa45ed8",
@ -135,10 +142,10 @@
},
"ghp-import": {
"hashes": [
"sha256:5f8962b30b20652cdffa9c5a9812f7de6bcb56ec475acac579807719bf242c46",
"sha256:947b3771f11be850c852c64b561c600fdddf794bab363060854c1ee7ad05e071"
"sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619",
"sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343"
],
"version": "==2.0.2"
"version": "==2.1.0"
},
"gitdb": {
"hashes": [
@ -156,21 +163,27 @@
"markers": "python_version >= '3.7'",
"version": "==3.1.27"
},
"htmlmin": {
"hashes": [
"sha256:50c1ef4630374a5d723900096a961cff426dff46b48f34d194a81bbe14eca178"
],
"version": "==0.1.12"
},
"idna": {
"hashes": [
"sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff",
"sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
],
"markers": "python_version >= '3'",
"markers": "python_version >= '3.0'",
"version": "==3.3"
},
"importlib-metadata": {
"hashes": [
"sha256:1208431ca90a8cca1a6b8af391bb53c1a2db74e5d1cef6ddced95d4b2062edc6",
"sha256:ea4c597ebf37142f827b8f39299579e31685c31d3a438b59f469406afd0f2539"
"sha256:5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700",
"sha256:c58c8eb8a762858f49e18436ff552e83914778e50e9d2f1660535ffb364552ec"
],
"markers": "python_version >= '3.7'",
"version": "==4.11.3"
"version": "==4.11.4"
},
"jinja2": {
"hashes": [
@ -180,6 +193,12 @@
"markers": "python_version >= '3.6'",
"version": "==3.0.3"
},
"jsmin": {
"hashes": [
"sha256:c0959a121ef94542e807a674142606f7e90214a2b3d1eb17300244bbb5cc2bfc"
],
"version": "==3.0.1"
},
"lxml": {
"hashes": [
"sha256:078306d19a33920004addeb5f4630781aaeabb6a8d01398045fcde085091a169",
@ -249,11 +268,11 @@
},
"markdown": {
"hashes": [
"sha256:76df8ae32294ec39dcf89340382882dfa12975f87f45c3ed1ecdb1e8cefc7006",
"sha256:9923332318f843411e9932237530df53162e29dc7a4e2b91e35764583c46c9a3"
"sha256:cbb516f16218e643d8e0a95b309f77eb118cb138d39a4f27851e6a63581db874",
"sha256:f5da449a6e1c989a4cea2631aa8ee67caa5a2ef855d551c88f9e309f4634c621"
],
"markers": "python_version >= '3.6'",
"version": "==3.3.6"
"version": "==3.3.7"
},
"markupsafe": {
"hashes": [
@ -327,7 +346,7 @@
},
"mkdocs-material": {
"path": "./mkdocs-material",
"version": "==8.2.12+insiders.4.13.2"
"version": "==8.2.15+insiders.4.15.1"
},
"mkdocs-material-extensions": {
"hashes": [
@ -337,6 +356,14 @@
"markers": "python_version >= '3.6'",
"version": "==1.0.3"
},
"mkdocs-minify-plugin": {
"hashes": [
"sha256:32d9e8fbd89327a0f4f648f517297aad344c1bad64cfde110d059bd2f2780a6d",
"sha256:487c31ae6b8b3230f56910ce6bcf5c7e6ad9a8c4f51c720a4b989f30c2b0233f"
],
"index": "pypi",
"version": "==0.5.0"
},
"mkdocs-static-i18n": {
"hashes": [
"sha256:5d69b4eb284931bd048a36f923367f2a7bd0dc7b0438008dce8ca1a8feee99e2"
@ -354,47 +381,47 @@
},
"pillow": {
"hashes": [
"sha256:01ce45deec9df310cbbee11104bae1a2a43308dd9c317f99235b6d3080ddd66e",
"sha256:0c51cb9edac8a5abd069fd0758ac0a8bfe52c261ee0e330f363548aca6893595",
"sha256:17869489de2fce6c36690a0c721bd3db176194af5f39249c1ac56d0bb0fcc512",
"sha256:21dee8466b42912335151d24c1665fcf44dc2ee47e021d233a40c3ca5adae59c",
"sha256:25023a6209a4d7c42154073144608c9a71d3512b648a2f5d4465182cb93d3477",
"sha256:255c9d69754a4c90b0ee484967fc8818c7ff8311c6dddcc43a4340e10cd1636a",
"sha256:35be4a9f65441d9982240e6966c1eaa1c654c4e5e931eaf580130409e31804d4",
"sha256:3f42364485bfdab19c1373b5cd62f7c5ab7cc052e19644862ec8f15bb8af289e",
"sha256:3fddcdb619ba04491e8f771636583a7cc5a5051cd193ff1aa1ee8616d2a692c5",
"sha256:463acf531f5d0925ca55904fa668bb3461c3ef6bc779e1d6d8a488092bdee378",
"sha256:4fe29a070de394e449fd88ebe1624d1e2d7ddeed4c12e0b31624561b58948d9a",
"sha256:55dd1cf09a1fd7c7b78425967aacae9b0d70125f7d3ab973fadc7b5abc3de652",
"sha256:5a3ecc026ea0e14d0ad7cd990ea7f48bfcb3eb4271034657dc9d06933c6629a7",
"sha256:5cfca31ab4c13552a0f354c87fbd7f162a4fafd25e6b521bba93a57fe6a3700a",
"sha256:66822d01e82506a19407d1afc104c3fcea3b81d5eb11485e593ad6b8492f995a",
"sha256:69e5ddc609230d4408277af135c5b5c8fe7a54b2bdb8ad7c5100b86b3aab04c6",
"sha256:6b6d4050b208c8ff886fd3db6690bf04f9a48749d78b41b7a5bf24c236ab0165",
"sha256:7a053bd4d65a3294b153bdd7724dce864a1d548416a5ef61f6d03bf149205160",
"sha256:82283af99c1c3a5ba1da44c67296d5aad19f11c535b551a5ae55328a317ce331",
"sha256:8782189c796eff29dbb37dd87afa4ad4d40fc90b2742704f94812851b725964b",
"sha256:8d79c6f468215d1a8415aa53d9868a6b40c4682165b8cb62a221b1baa47db458",
"sha256:97bda660702a856c2c9e12ec26fc6d187631ddfd896ff685814ab21ef0597033",
"sha256:a325ac71914c5c043fa50441b36606e64a10cd262de12f7a179620f579752ff8",
"sha256:a336a4f74baf67e26f3acc4d61c913e378e931817cd1e2ef4dfb79d3e051b481",
"sha256:a598d8830f6ef5501002ae85c7dbfcd9c27cc4efc02a1989369303ba85573e58",
"sha256:a5eaf3b42df2bcda61c53a742ee2c6e63f777d0e085bbc6b2ab7ed57deb13db7",
"sha256:aea7ce61328e15943d7b9eaca87e81f7c62ff90f669116f857262e9da4057ba3",
"sha256:af79d3fde1fc2e33561166d62e3b63f0cc3e47b5a3a2e5fea40d4917754734ea",
"sha256:c24f718f9dd73bb2b31a6201e6db5ea4a61fdd1d1c200f43ee585fc6dcd21b34",
"sha256:c5b0ff59785d93b3437c3703e3c64c178aabada51dea2a7f2c5eccf1bcf565a3",
"sha256:c7110ec1701b0bf8df569a7592a196c9d07c764a0a74f65471ea56816f10e2c8",
"sha256:c870193cce4b76713a2b29be5d8327c8ccbe0d4a49bc22968aa1e680930f5581",
"sha256:c9efef876c21788366ea1f50ecb39d5d6f65febe25ad1d4c0b8dff98843ac244",
"sha256:de344bcf6e2463bb25179d74d6e7989e375f906bcec8cb86edb8b12acbc7dfef",
"sha256:eb1b89b11256b5b6cad5e7593f9061ac4624f7651f7a8eb4dfa37caa1dfaa4d0",
"sha256:ed742214068efa95e9844c2d9129e209ed63f61baa4d54dbf4cf8b5e2d30ccf2",
"sha256:f401ed2bbb155e1ade150ccc63db1a4f6c1909d3d378f7d1235a44e90d75fb97",
"sha256:fb89397013cf302f282f0fc998bb7abf11d49dcff72c8ecb320f76ea6e2c5717"
"sha256:088df396b047477dd1bbc7de6e22f58400dae2f21310d9e2ec2933b2ef7dfa4f",
"sha256:09e67ef6e430f90caa093528bd758b0616f8165e57ed8d8ce014ae32df6a831d",
"sha256:0b4d5ad2cd3a1f0d1df882d926b37dbb2ab6c823ae21d041b46910c8f8cd844b",
"sha256:0b525a356680022b0af53385944026d3486fc8c013638cf9900eb87c866afb4c",
"sha256:1d4331aeb12f6b3791911a6da82de72257a99ad99726ed6b63f481c0184b6fb9",
"sha256:20d514c989fa28e73a5adbddd7a171afa5824710d0ab06d4e1234195d2a2e546",
"sha256:2b291cab8a888658d72b575a03e340509b6b050b62db1f5539dd5cd18fd50578",
"sha256:3f6c1716c473ebd1649663bf3b42702d0d53e27af8b64642be0dd3598c761fb1",
"sha256:42dfefbef90eb67c10c45a73a9bc1599d4dac920f7dfcbf4ec6b80cb620757fe",
"sha256:488f3383cf5159907d48d32957ac6f9ea85ccdcc296c14eca1a4e396ecc32098",
"sha256:4d45dbe4b21a9679c3e8b3f7f4f42a45a7d3ddff8a4a16109dff0e1da30a35b2",
"sha256:53c27bd452e0f1bc4bfed07ceb235663a1df7c74df08e37fd6b03eb89454946a",
"sha256:55e74faf8359ddda43fee01bffbc5bd99d96ea508d8a08c527099e84eb708f45",
"sha256:59789a7d06c742e9d13b883d5e3569188c16acb02eeed2510fd3bfdbc1bd1530",
"sha256:5b650dbbc0969a4e226d98a0b440c2f07a850896aed9266b6fedc0f7e7834108",
"sha256:66daa16952d5bf0c9d5389c5e9df562922a59bd16d77e2a276e575d32e38afd1",
"sha256:6e760cf01259a1c0a50f3c845f9cad1af30577fd8b670339b1659c6d0e7a41dd",
"sha256:7502539939b53d7565f3d11d87c78e7ec900d3c72945d4ee0e2f250d598309a0",
"sha256:769a7f131a2f43752455cc72f9f7a093c3ff3856bf976c5fb53a59d0ccc704f6",
"sha256:7c150dbbb4a94ea4825d1e5f2c5501af7141ea95825fadd7829f9b11c97aaf6c",
"sha256:8844217cdf66eabe39567118f229e275f0727e9195635a15e0e4b9227458daaf",
"sha256:8a66fe50386162df2da701b3722781cbe90ce043e7d53c1fd6bd801bca6b48d4",
"sha256:9370d6744d379f2de5d7fa95cdbd3a4d92f0b0ef29609b4b1687f16bc197063d",
"sha256:937a54e5694684f74dcbf6e24cc453bfc5b33940216ddd8f4cd8f0f79167f765",
"sha256:9c857532c719fb30fafabd2371ce9b7031812ff3889d75273827633bca0c4602",
"sha256:a4165205a13b16a29e1ac57efeee6be2dfd5b5408122d59ef2145bc3239fa340",
"sha256:b3fe2ff1e1715d4475d7e2c3e8dabd7c025f4410f79513b4ff2de3d51ce0fa9c",
"sha256:b6617221ff08fbd3b7a811950b5c3f9367f6e941b86259843eab77c8e3d2b56b",
"sha256:b761727ed7d593e49671d1827044b942dd2f4caae6e51bab144d4accf8244a84",
"sha256:baf3be0b9446a4083cc0c5bb9f9c964034be5374b5bc09757be89f5d2fa247b8",
"sha256:c17770a62a71718a74b7548098a74cd6880be16bcfff5f937f900ead90ca8e92",
"sha256:c67db410508b9de9c4694c57ed754b65a460e4812126e87f5052ecf23a011a54",
"sha256:d78ca526a559fb84faaaf84da2dd4addef5edb109db8b81677c0bb1aad342601",
"sha256:e9ed59d1b6ee837f4515b9584f3d26cf0388b742a11ecdae0d9237a94505d03a",
"sha256:f054b020c4d7e9786ae0404278ea318768eb123403b18453e28e47cdb7a0a4bf",
"sha256:f372d0f08eff1475ef426344efe42493f71f377ec52237bf153c5713de987251",
"sha256:f3f6a6034140e9e17e9abc175fc7a266a6e63652028e157750bd98e804a8ed9a",
"sha256:ffde4c6fabb52891d81606411cbfaf77756e3b561b566efd270b3ed3791fde4e"
],
"markers": "python_version >= '3.7'",
"version": "==9.1.0"
"version": "==9.1.1"
},
"pycparser": {
"hashes": [
@ -421,11 +448,11 @@
},
"pyparsing": {
"hashes": [
"sha256:7bf433498c016c4314268d95df76c81b842a4cb2b276fa3312cfb1e1d85f6954",
"sha256:ef7b523f6356f763771559412c0d7134753f037822dad1b16945b7b846f7ad06"
"sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb",
"sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"
],
"markers": "python_full_version >= '3.6.8'",
"version": "==3.0.8"
"version": "==3.0.9"
},
"python-dateutil": {
"hashes": [
@ -489,6 +516,86 @@
"markers": "python_version >= '3.6'",
"version": "==0.1"
},
"regex": {
"hashes": [
"sha256:02543d6d5c32d361b7cc468079ba4cddaaf4a6544f655901ba1ff9d8e3f18755",
"sha256:036d1c1fbe69eba3ee253c107e71749cdbb4776db93d674bc0d5e28f30300734",
"sha256:071bcb625e890f28b7c4573124a6512ea65107152b1d3ca101ce33a52dad4593",
"sha256:0f8da3145f4b72f7ce6181c804eaa44cdcea313c8998cdade3d9e20a8717a9cb",
"sha256:0fb6cb16518ac7eff29d1e0b0cce90275dfae0f17154165491058c31d58bdd1d",
"sha256:0fd464e547dbabf4652ca5fe9d88d75ec30182981e737c07b3410235a44b9939",
"sha256:12af15b6edb00e425f713160cfd361126e624ec0de86e74f7cad4b97b7f169b3",
"sha256:165cc75cfa5aa0f12adb2ac6286330e7229a06dc0e6c004ec35da682b5b89579",
"sha256:1a07e8366115069f26822c47732122ab61598830a69f5629a37ea8881487c107",
"sha256:1c2de7f32fa87d04d40f54bce3843af430697aba51c3a114aa62837a0772f219",
"sha256:253f858a0255cd91a0424a4b15c2eedb12f20274f85731b0d861c8137e843065",
"sha256:275afc7352982ee947fc88f67a034b52c78395977b5fc7c9be15f7dc95b76f06",
"sha256:2bde99f2cdfd6db1ec7e02d68cadd384ffe7413831373ea7cc68c5415a0cb577",
"sha256:3241db067a7f69da57fba8bca543ac8a7ca415d91e77315690202749b9fdaba1",
"sha256:37903d5ca11fa47577e8952d2e2c6de28553b11c70defee827afb941ab2c6729",
"sha256:3dfbadb7b74d95f72f9f9dbf9778f7de92722ab520a109ceaf7927461fa85b10",
"sha256:3e35c50b27f36176c792738cb9b858523053bc495044d2c2b44db24376b266f1",
"sha256:3e9e983fc8e0d4d5ded7caa5aed39ca2cf6026d7e39801ef6f0af0b1b6cd9276",
"sha256:3f6bd8178cce5bb56336722d5569d19c50bba5915a69a2050c497fb921e7cb0f",
"sha256:43ee0df35925ae4b0cc6ee3f60b73369e559dd2ac40945044da9394dd9d3a51d",
"sha256:45b761406777a681db0c24686178532134c937d24448d9e085279b69e9eb7da4",
"sha256:46cbc5b23f85e94161b093dba1b49035697cf44c7db3c930adabfc0e6d861b95",
"sha256:4f2e2cef324ca9355049ee1e712f68e2e92716eba24275e6767b9bfa15f1f478",
"sha256:50b77622016f03989cd06ecf6b602c7a6b4ed2e3ce04133876b041d109c934ee",
"sha256:582ea06079a03750b5f71e20a87cd99e646d796638b5894ff85987ebf5e04924",
"sha256:58521abdab76583bd41ef47e5e2ddd93b32501aee4ee8cee71dee10a45ba46b1",
"sha256:5b9c7b6895a01204296e9523b3e12b43e013835a9de035a783907c2c1bc447f0",
"sha256:6165e737acb3bea3271372e8aa5ebe7226c8a8e8da1b94af2d6547c5a09d689d",
"sha256:66fb765b2173d90389384708e3e1d3e4be1148bd8d4d50476b1469da5a2f0229",
"sha256:68aed3fb0c61296bd6d234f558f78c51671f79ccb069cbcd428c2eea6fee7a5b",
"sha256:6a0ef57cccd8089b4249eebad95065390e56c04d4a92c51316eab4131bca96a9",
"sha256:709396c0c95b95045fac89b94f997410ff39b81a09863fe21002f390d48cc7d3",
"sha256:73ed1b06abadbf6b61f6033a07c06f36ec0ddca117e41ef2ac37056705e46458",
"sha256:7a608022f4593fc67518c6c599ae5abdb03bb8acd75993c82cd7a4c8100eff81",
"sha256:7c4d9770e579eb11b582b2e2fd19fa204a15cb1589ae73cd4dcbb63b64f3e828",
"sha256:7dbc96419ef0fb6ac56626014e6d3a345aeb8b17a3df8830235a88626ffc8d84",
"sha256:7f271d0831d8ebc56e17b37f9fa1824b0379221d1238ae77c18a6e8c47f1fdce",
"sha256:82b7fc67e49fdce671bdbec1127189fc979badf062ce6e79dc95ef5e07a8bf92",
"sha256:85b7ee4d0c7a46296d884f6b489af8b960c4291d76aea4b22fd4fbe05e6ec08e",
"sha256:8b747cef8e5dcdaf394192d43a0c02f5825aeb0ecd3d43e63ae500332ab830b0",
"sha256:8bf867ba71856414a482e4b683500f946c300c4896e472e51d3db8dfa8dc8f32",
"sha256:8e0da7ef160d4f3eb3d4d3e39a02c3c42f7dbcfce62c81f784cc99fc7059765f",
"sha256:8e7d33f93cdd01868327d834d0f5bb029241cd293b47d51b96814dec27fc9b4b",
"sha256:92183e9180c392371079262879c6532ccf55f808e6900df5d9f03c9ca8807255",
"sha256:92ad03f928675ca05b79d3b1d3dfc149e2226d57ed9d57808f82105d511d0212",
"sha256:97af238389cb029d63d5f2d931a7e8f5954ad96e812de5faaed373b68e74df86",
"sha256:9913bcf730eb6e9b441fb176832eea9acbebab6035542c7c89d90c803f5cd3be",
"sha256:9dae5affbb66178dad6c6fd5b02221ca9917e016c75ee3945e9a9563eb1fbb6f",
"sha256:a850f5f369f1e3b6239da7fb43d1d029c1e178263df671819889c47caf7e4ff3",
"sha256:aa6daa189db9104787ff1fd7a7623ce017077aa59eaac609d0d25ba95ed251a0",
"sha256:aabc28f7599f781ddaeac168d0b566d0db82182cc3dcf62129f0a4fc2927b811",
"sha256:af1e687ffab18a75409e5e5d6215b6ccd41a5a1a0ea6ce9665e01253f737a0d3",
"sha256:b1d53835922cd0f9b74b2742453a444865a70abae38d12eb41c59271da66f38d",
"sha256:b2df3ede85d778c949d9bd2a50237072cee3df0a423c91f5514f78f8035bde87",
"sha256:b415b82e5be7389ec5ee7ee35431e4a549ea327caacf73b697c6b3538cb5c87f",
"sha256:b7ba3c304a4a5d8112dbd30df8b3e4ef59b4b07807957d3c410d9713abaee9a8",
"sha256:bcc6f7a3a95119c3568c572ca167ada75f8319890706283b9ba59b3489c9bcb3",
"sha256:be392d9cd5309509175a9d7660dc17bf57084501108dbff0c5a8bfc3646048c3",
"sha256:bea61de0c688198e3d9479344228c7accaa22a78b58ec408e41750ebafee6c08",
"sha256:bedb3d01ad35ea1745bdb1d57f3ee0f996f988c98f5bbae9d068c3bb3065d210",
"sha256:c36906a7855ec33a9083608e6cd595e4729dab18aeb9aad0dd0b039240266239",
"sha256:c4fdf837666f7793a5c3cfa2f2f39f03eb6c7e92e831bc64486c2f547580c2b3",
"sha256:cfad3a770839aa456ff9a9aa0e253d98b628d005a3ccb37da1ff9be7c84fee16",
"sha256:d128e278e5e554c5c022c7bed410ca851e00bacebbb4460de546a73bc53f8de4",
"sha256:dffd9114ade73137ab2b79a8faf864683dbd2dbbb6b23a305fbbd4cbaeeb2187",
"sha256:e2acf5c66fbb62b5fe4c40978ddebafa50818f00bf79d60569d9762f6356336e",
"sha256:e65580ae3137bce712f505ec7c2d700aef0014a3878c4767b74aff5895fc454f",
"sha256:e944268445b5694f5d41292c9228f0ca46d5a32a67f195d5f8547c1f1d91f4bc",
"sha256:ed26c3d2d62c6588e0dad175b8d8cc0942a638f32d07b80f92043e5d73b7db67",
"sha256:ed625205f5f26984382b68e4cbcbc08e6603c9e84c14b38457170b0cc71c823b",
"sha256:f2a5d9f612091812dee18375a45d046526452142e7b78c4e21ab192db15453d5",
"sha256:f86aef546add4ff1202e1f31e9bb54f9268f17d996b2428877283146bf9bc013",
"sha256:f89d26e50a4c7453cb8c415acd09e72fbade2610606a9c500a1e48c43210a42d",
"sha256:fb7107faf0168de087f62a2f2ed00f9e9da12e0b801582b516ddac236b871cda"
],
"markers": "python_version >= '3.6'",
"version": "==2022.4.24"
},
"requests": {
"hashes": [
"sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61",
@ -539,33 +646,34 @@
},
"watchdog": {
"hashes": [
"sha256:03b43d583df0f18782a0431b6e9e9965c5b3f7cf8ec36a00b930def67942c385",
"sha256:0908bb50f6f7de54d5d31ec3da1654cb7287c6b87bce371954561e6de379d690",
"sha256:0b4a1fe6201c6e5a1926f5767b8664b45f0fcb429b62564a41f490ff1ce1dc7a",
"sha256:177bae28ca723bc00846466016d34f8c1d6a621383b6caca86745918d55c7383",
"sha256:19b36d436578eb437e029c6b838e732ed08054956366f6dd11875434a62d2b99",
"sha256:1d1cf7dfd747dec519486a98ef16097e6c480934ef115b16f18adb341df747a4",
"sha256:1e877c70245424b06c41ac258023ea4bd0c8e4ff15d7c1368f17cd0ae6e351dd",
"sha256:340b875aecf4b0e6672076a6f05cfce6686935559bb6d34cebedee04126a9566",
"sha256:351e09b6d9374d5bcb947e6ac47a608ec25b9d70583e9db00b2fcdb97b00b572",
"sha256:3fd47815353be9c44eebc94cc28fe26b2b0c5bd889dafc4a5a7cbdf924143480",
"sha256:49639865e3db4be032a96695c98ac09eed39bbb43fe876bb217da8f8101689a6",
"sha256:4d0e98ac2e8dd803a56f4e10438b33a2d40390a72750cff4939b4b274e7906fa",
"sha256:6e6ae29b72977f2e1ee3d0b760d7ee47896cb53e831cbeede3e64485e5633cc8",
"sha256:7f14ce6adea2af1bba495acdde0e510aecaeb13b33f7bd2f6324e551b26688ca",
"sha256:81982c7884aac75017a6ecc72f1a4fedbae04181a8665a34afce9539fc1b3fab",
"sha256:81a5861d0158a7e55fe149335fb2bbfa6f48cbcbd149b52dbe2cd9a544034bbd",
"sha256:ae934e34c11aa8296c18f70bf66ed60e9870fcdb4cc19129a04ca83ab23e7055",
"sha256:b26e13e8008dcaea6a909e91d39b629a39635d1a8a7239dd35327c74f4388601",
"sha256:b3750ee5399e6e9c69eae8b125092b871ee9e2fcbd657a92747aea28f9056a5c",
"sha256:b61acffaf5cd5d664af555c0850f9747cc5f2baf71e54bbac164c58398d6ca7b",
"sha256:b9777664848160449e5b4260e0b7bc1ae0f6f4992a8b285db4ec1ef119ffa0e2",
"sha256:bdcbf75580bf4b960fb659bbccd00123d83119619195f42d721e002c1621602f",
"sha256:d802d65262a560278cf1a65ef7cae4e2bc7ecfe19e5451349e4c67e23c9dc420",
"sha256:ed6d9aad09a2a948572224663ab00f8975fae242aa540509737bb4507133fa2d"
"sha256:036ed15f7cd656351bf4e17244447be0a09a61aaa92014332d50719fc5973bc0",
"sha256:0c520009b8cce79099237d810aaa19bc920941c268578436b62013b2f0102320",
"sha256:0fb60c7d31474b21acba54079ce9ff0136411183e9a591369417cddb1d7d00d7",
"sha256:156ec3a94695ea68cfb83454b98754af6e276031ba1ae7ae724dc6bf8973b92a",
"sha256:1ae17b6be788fb8e4d8753d8d599de948f0275a232416e16436363c682c6f850",
"sha256:1e5d0fdfaa265c29dc12621913a76ae99656cf7587d03950dfeb3595e5a26102",
"sha256:24dedcc3ce75e150f2a1d704661f6879764461a481ba15a57dc80543de46021c",
"sha256:2962628a8777650703e8f6f2593065884c602df7bae95759b2df267bd89b2ef5",
"sha256:47598fe6713fc1fee86b1ca85c9cbe77e9b72d002d6adeab9c3b608f8a5ead10",
"sha256:4978db33fc0934c92013ee163a9db158ec216099b69fce5aec790aba704da412",
"sha256:5e2e51c53666850c3ecffe9d265fc5d7351db644de17b15e9c685dd3cdcd6f97",
"sha256:676263bee67b165f16b05abc52acc7a94feac5b5ab2449b491f1a97638a79277",
"sha256:68dbe75e0fa1ba4d73ab3f8e67b21770fbed0651d32ce515cd38919a26873266",
"sha256:6d03149126864abd32715d4e9267d2754cede25a69052901399356ad3bc5ecff",
"sha256:6ddf67bc9f413791072e3afb466e46cc72c6799ba73dea18439b412e8f2e3257",
"sha256:746e4c197ec1083581bb1f64d07d1136accf03437badb5ff8fcb862565c193b2",
"sha256:7721ac736170b191c50806f43357407138c6748e4eb3e69b071397f7f7aaeedd",
"sha256:88ef3e8640ef0a64b7ad7394b0f23384f58ac19dd759da7eaa9bc04b2898943f",
"sha256:aa68d2d9a89d686fae99d28a6edf3b18595e78f5adf4f5c18fbfda549ac0f20c",
"sha256:b962de4d7d92ff78fb2dbc6a0cb292a679dea879a0eb5568911484d56545b153",
"sha256:ce7376aed3da5fd777483fe5ebc8475a440c6d18f23998024f832134b2938e7b",
"sha256:ddde157dc1447d8130cb5b8df102fad845916fe4335e3d3c3f44c16565becbb7",
"sha256:efcc8cbc1b43902571b3dce7ef53003f5b97fe4f275fe0489565fc6e2ebe3314",
"sha256:f9ee4c6bf3a1b2ed6be90a2d78f3f4bbd8105b6390c04a86eb48ed67bbfa0b0b",
"sha256:fed4de6e45a4f16e4046ea00917b4fe1700b97244e5d114f594b4a1b9de6bed8"
],
"markers": "python_version >= '3.6'",
"version": "==2.1.7"
"version": "==2.1.8"
},
"webencodings": {
"hashes": [

35
README.md
View File

@ -1,11 +1,10 @@
<!-- markdownlint-disable MD041 -->
<div align="center">
<a href="https://privacyguides.org#gh-light-mode-only">
<img src="/docs/assets/img/layout/privacy-guides-logo.svg" width="500px" alt="Privacy Guides" />
</a>
<a href="https://privacyguides.org#gh-dark-mode-only">
<img src="/docs/assets/img/layout/privacy-guides-logo-dark.svg" width="500px" alt="Privacy Guides" />
<a href="https://www.privacyguides.org/">
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/privacyguides/brand/main/SVG/Logo/privacy-guides-logo-dark.svg">
<img alt="Privacy Guides" width="500px" src="https://raw.githubusercontent.com/privacyguides/brand/main/SVG/Logo/privacy-guides-logo.svg">
</picture>
</a>
<p><em>Your central privacy and security resource to protect yourself online.</em></p>
@ -68,14 +67,28 @@ Our current list of team members can be found [here](https://github.com/orgs/pri
## Developing
1. Clone this repository and submodules: `git clone --recurse-submodules https://github.com/privacyguides/privacyguides.org`
This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders/) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. You can install the website locally with the open-source version of `mkdocs-material`:
1. Clone this repository:
- `git clone https://github.com/privacyguides/privacyguides.org.git`
- `git submodule init`
- `git submodule update docs/assets/brand`
2. Install [Python 3.6+](https://www.python.org/downloads/)
3. Install **pipenv**: `pip install pipenv`
4. Start a pipenv shell: `pipenv shell`
5. Install dependencies: `pipenv install --dev`
6. Serve the site locally: `mkdocs serve`
3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n mkdocs-git-revision-date-localized-plugin mkdocs-minify-plugin typing-extensions`
4. Serve the site locally: `mkdocs serve`
- The site will be available at `http://localhost:8000`
- You can build the site locally with `mkdocs build`
- Your local version of the site may be missing functionality, which is expected. If you are submitting a PR, please ensure the automatic preview generated for your PR looks correct, as that site will be built with the production insiders build.
**Team members** should clone the repository with `mkdocs-material-insiders` directly. This method is identical to production:
1. Clone this repository and submodules: `git clone --recurse-submodules https://github.com/privacyguides/privacyguides.org.git`
2. Install [Python 3.6+](https://www.python.org/downloads/)
3. Install **pipenv**: `pip install pipenv`
4. Install dependencies: `pipenv install --dev`
5. Serve the site locally: `pipenv run mkdocs serve`
- The site will be available at `http://localhost:8000`
- You can build the site locally with `pipenv run mkdocs build`
- This version of the site should be identical to the live, production version
## Releasing

146
docs/android.en.md
View File

@ -27,7 +27,11 @@ We recommend installing one of these custom Android operating systems on your de
GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
[Homepage](https://grapheneos.org/){ .md-button .md-button--primary } [Privacy Policy](https://grapheneos.org/faq#privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific work profile or user [profile](android/overview.md#user-profiles) of your choice.
@ -41,7 +45,11 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw
**CalyxOS** is a system with some privacy features on top of AOSP, including [Datura](https://calyxos.org/docs/tech/datura-details) firewall, [Signal](https://signal.org) integration in the dialer app, and a built in panic button. CalyxOS also comes with firmware updates and signed builds, so verified boot is fully supported.
[Homepage](https://calyxos.org/){ .md-button .md-button--primary } [Privacy Policy](https://calyxinstitute.org/legal/privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://calyxos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://calyxinstitute.org/legal/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://calyxos.org/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/CalyxOS){ .card-link title="Source Code" }
[:octicons-heart-16:](https://members.calyxinstitute.org/donate){ .card-link title=Contribute }
For people who need Google Play Services, CalyxOS optionally includes [microG](https://microg.org/). CalyxOS also includes alternate location services, [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu).
@ -56,15 +64,20 @@ CalyxOS only [supports](https://calyxos.org/docs/guide/device-support/) Google P
**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org/).
DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
[Homepage](https://divestos.org){ .md-button .md-button--primary } [Privacy Policy](https://divestos.org/index.php?page=privacy_policy){ .md-button }
[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
[:pg-tor:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title=Onion }
[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
[:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute }
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, a custom [hosts](https://divested.dev/index.php?page=dnsbl) file, and [F-Droid](https://www.f-droid.org) as the app store. It includes [UnifiedNlp](https://github.com/microg/UnifiedNlp) for network location. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and includes [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning).
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, a custom [hosts](https://divested.dev/index.php?page=dnsbl) file, and [F-Droid](https://www.f-droid.org) as the app store. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0, 17.1, and 18.1 implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and 18.1 feature GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, and [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
!!! attention
!!! warning
DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS or CalyxOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
@ -92,7 +105,7 @@ A few more tips regarding Android devices and operating system compatibility:
Beginning with the **Pixel 6** and **6 Pro**, Pixel devices receive a minimum of 5 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-4 years competing OEMs typically offer.
[Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
Unless you have a need for specific [CalyxOS features](https://calyxos.org/features/) that are unavailable on GrapheneOS, we strongly recommend GrapheneOS over other operating system choices on Pixel devices.
@ -145,14 +158,16 @@ Fairphone markets their devices as receiving 6 years of support. However, the So
**Orbot** is a free proxy app that routes your connections through the Tor Network.
[Homepage](https://orbot.app/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/guardianproject/orbot){ .card-link title="Source Code" }
[:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid)
- [:fontawesome-brands-github: GitHub](https://github.com/guardianproject/orbot)
- [:fontawesome-brands-gitlab: GitLab](https://gitlab.com/guardianproject/orbot)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.torproject.android){ .card-link title="Google Play" }
[:pg-f-droid:](https://guardianproject.info/fdroid){ .card-link title=F-Droid }
Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings****Network & internet****VPN** → :gear: → **Block connections without VPN**.
@ -174,15 +189,16 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
[Project Info](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.typeblog.shelter)
- [:fontawesome-brands-github: GitHub](https://github.com/PeterCxy/Shelter)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=net.typeblog.shelter){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/net.typeblog.shelter){ .card-link title=F-Droid }
!!! attention
!!! warning
As CalyxOS includes a device controller, we recommend using their built in work profile instead.
@ -199,12 +215,16 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring for [supported devices](https://attestation.app/about#device-support). Currently it works with GrapheneOS and the device's stock operating system.
[Website](https://attestation.app){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor)
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Auditor)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=app.attestation.auditor){ .card-link title="Google Play" }
[:fontawesome-brands-github:](https://github.com/GrapheneOS/Auditor/releases){ .card-link title=GitHub }
Auditor performs attestation and intrusion detection by:
@ -216,7 +236,7 @@ Auditor performs attestation and intrusion detection by:
No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
If your [threat model](threat-modeling.md) requires privacy you could consider using Orbot or a VPN to hide your IP address from the attestation service.
If your [threat model](basics/threat-modeling.md) requires privacy you could consider using Orbot or a VPN to hide your IP address from the attestation service.
To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
### Secure Camera
@ -228,12 +248,15 @@ To make sure that your hardware and operating system is genuine, [perform local
**Secure Camera** is an camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
[Source Code](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play){ .card-link title="Google Play" }
[:fontawesome-brands-github:](https://github.com/GrapheneOS/Camera/releases){ .card-link title=GitHub }
Main privacy features include:
@ -258,12 +281,14 @@ Main privacy features include:
[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
[App Info](https://github.com/GrapheneOS/PdfViewer#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
- [:fontawesome-brands-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play){ .card-link title="Google Play" }
[:fontawesome-brands-github:](https://github.com/GrapheneOS/PdfViewer/releases){ .card-link title=GitHub }
### PrivacyBlur
@ -273,21 +298,23 @@ Main privacy features include:
**PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online.
[Website](https://privacyblur.app/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.mathema.privacyblur/)
- [:fontawesome-brands-github: GitHub](https://github.com/MATHEMA-GmbH/privacyblur)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=de.mathema.privacyblur){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/de.mathema.privacyblur/){ .card-link title=F-Droid }
!!! warning
You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this we suggest [Pocket Paint](https://github.com/Catrobat/Paintroid) or [Imagepipe](https://codeberg.org/Starfish/Imagepipe).
## App Stores
## Obtaining Applications
### GrapheneOS's App Store
### GrapheneOS App Store
GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
@ -299,8 +326,6 @@ The Google Play Store requires a Google account to login which is not great for
F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications, and is dedicated to free and open source software. However, there are problems with the official F-Droid client, their quality control, and how they build, sign and deliver packages, outlined in this [post](https://wonderfall.dev/fdroid-issues/).
*[walled garden]: A walled garden (or closed platform) is one in which the service provider has control over applications, content, and/or media, and restricts convenient access to non-approved applicants or content.
Sometimes the official F-Droid repository may fall behind on updates. F-Droid maintainers reuse package IDs while signing apps with their own keys, which is not ideal as it does give the F-Droid team ultimate trust. The Google Play version of some apps may contain unwanted telemetry or lack features that are available in the F-Droid version.
We have these general tips:
@ -309,10 +334,12 @@ We have these general tips:
- Check if an app is available on the [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repository. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. We recommend that you download the GitHub builds and install them manually first, then use IzzyOnDroid for any subsequent updates. This will ensure that the signature of the applications you get from IzzyOnDroid matches that of the developer and the packages have not been tampered with.
- Check if there are any differences between the F-Droid version and the Google Play Store version. Some applications like [IVPN](https://www.ivpn.net/) do not include certain features (eg [AntiTracker](https://www.ivpn.net/knowledgebase/general/antitracker-faq/)) in their Google Play Store build out of fear of censorship by Google.
Evaluate whether the additional features in the F-Droid build are worth the slower updates. Also think about whether faster updates from the Google Play Store are worth the potential privacy issues in your [threat model](threat-modeling.md).
Evaluate whether the additional features in the F-Droid build are worth the slower updates. Also think about whether faster updates from the Google Play Store are worth the potential privacy issues in your [threat model](basics/threat-modeling.md).
#### Neo Store
<small><i>Neo Store is a recent rebrand of Droid-ify.</i></small>
The official F-Droid client targets a [low API level](https://wonderfall.dev/fdroid-issues/#3-low-target-api-level-sdk-for-client--apps) and does not utilize the [seamless updates](https://www.androidcentral.com/google-will-finally-bring-seamless-app-updates-alternative-app-stores-android-12) feature introduced in Android 12. Targeting lower API levels means that the F-Droid client cannot take advantage of the new improvements in the application sandboxes that comes with higher API levels. For automatic updates to work, the F-Droid client requires that the [Privileged Extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged/) be included in the operating system, granting it more privileges than what a normal app would have, which is not great for security.
To mitigate these problems, we recommend [Neo Store](https://github.com/NeoApplications/Neo-Store) as it supports seamless updates on Android 12 and above without needing any special privileges and targets a higher API level.
@ -324,10 +351,53 @@ To mitigate these problems, we recommend [Neo Store](https://github.com/NeoAppli
**Neo Store** is a modern F-Droid client made with MaterialUI, forked from [Foxy Droid](https://github.com/kitsunyan/foxy-droid).
Unlike the official F-Droid client, Neo Store supports seamless updates on Android 12 and above without the need for a privileged extension. If your Android distribution is on Android 12 or above and does not include the [F-Droid privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged/), it is highly recommended that you use Neo Store instead of the official client.
[:octicons-repo-16: Repository](https://github.com/NeoApplications/Neo-Store){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/NeoApplications/Neo-Store){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-android: APK Download](https://android.izzysoft.de/repo/apk/com.looker.droidify)
- [:fontawesome-brands-github: GitHub](https://github.com/NeoApplications/Neo-Store)
[:fontawesome-brands-android:](https://android.izzysoft.de/repo/apk/com.looker.droidify){ .card-link title="IzzyOnDroid (APK)" }
[:fontawesome-brands-github:](https://github.com/NeoApplications/Neo-Store/releases){ .card-link title=GitHub }
### Manually with RSS Notifications
If an app is released on a platform like GitHub, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you be aware of new releases. Using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) on GitHub and append `.atom` to the URL:
`https://github.com/GrapheneOS/Camera/releases.atom`
![RSS Feed](./assets/img/android/gfeeds-light.png#only-light)
![RSS Feed](./assets/img/android/gfeeds-dark.png#only-dark)
#### Verifying APK Fingerprints
If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
1. Install [Java JDK](https://www.oracle.com/java/technologies/downloads/).
2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
3. Extract the downloaded archive:
```bash
unzip commandlinetools-*.zip
cd cmdline-tools
./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
```
4. Run the signature verification command:
```bash
./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
```
5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk/) on their website.
```bash
Signer #1 certificate DN: CN=GrapheneOS
Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
```
--8<-- "includes/abbreviations.en.md"

2
docs/android/grapheneos-vs-calyxos.en.md
View File

@ -24,7 +24,7 @@ Local RF location backends like DejaVu require that the phone has a working GPS
If your threat model requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Play Services.
In terms of application compatibility, Sandboxed Google Play outperforms microG due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Authentication using [FIDO](security/multi-factor-authentication#fido-fast-identity-online) with online services on Android also relies on Play Services, and the feature is not yet implemented in microG.
In terms of application compatibility, Sandboxed Google Play outperforms microG due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Authentication using [FIDO](basics/multi-factor-authentication#fido-fast-identity-online) with online services on Android also relies on Play Services, and the feature is not yet implemented in microG.
## Privileged App Extensions

4
docs/android/overview.en.md
View File

@ -82,11 +82,11 @@ If you are using a device with Google services, either your stock operating syst
### Advanced Protection Program
If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../security/multi-factor-authentication.md#fido-fast-identity-online) support.
If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) support.
The Advanced Protection Program provides enhanced threat monitoring and enables:
- Stricter two factor authentication; e.g. that [FIDO](/security/multi-factor-authentication/#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](/security/multi-factor-authentication/#sms-or-email-mfa), [TOTP](/security/multi-factor-authentication.md#time-based-one-time-password-totp), and [OAuth](https://en.wikipedia.org/wiki/OAuth)
- Stricter two factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp), and [OAuth](https://en.wikipedia.org/wiki/OAuth)
- Only Google and verified third party apps can access account data
- Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts
- Stricter [safe browser scanning](https://www.google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome

1
docs/assets/brand Submodule

Submodule docs/assets/brand added at 7e94d7a5d7

2
docs/assets/files/meta/browserconfig.xml
View File

@ -2,7 +2,7 @@
<browserconfig>
<msapplication>
<tile>
<square150x150logo src="/assets/img/layout/mstile-150x150.png"/>
<square150x150logo src="/assets/brand/PNG/Favicon/mstile-150x150.png"/>
<TileColor>#ffd06f</TileColor>
</tile>
</msapplication>

4
docs/assets/files/meta/site.webmanifest
View File

@ -3,12 +3,12 @@
"short_name": "Privacy Guides",
"icons": [
{
"src": "/assets/img/layout/android-chrome-192x192.png",
"src": "/assets/brand/PNG/Favicon/android-chrome-192x192.png",
"sizes": "192x192",
"type": "image/png"
},
{
"src": "/assets/img/layout/android-chrome-512x512.png",
"src": "/assets/brand/PNG/Favicon/android-chrome-512x512.png",
"sizes": "512x512",
"type": "image/png"
}

BIN
docs/assets/fonts/bagnard/Bagnard.woff
View File

Binary file not shown.

93
docs/assets/fonts/bagnard/LICENSE.txt
View File

@ -1,93 +0,0 @@
Copyright (c) 2015 Sebastien Sanfilippo (www.love-letters.be)
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
http://scripts.sil.org/OFL
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.

BIN
docs/assets/fonts/dm_mono/DMMono-Medium.woff2
View File

Binary file not shown.

BIN
docs/assets/fonts/dm_mono/DMMono-Regular.woff2
View File

Binary file not shown.

93
docs/assets/fonts/dm_mono/LICENSE.txt
View File

@ -1,93 +0,0 @@
Copyright 2020 The DM Mono Project Authors (https://www.github.com/googlefonts/dm-mono)
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
http://scripts.sil.org/OFL
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.

16
docs/assets/fonts/dm_mono/stylesheet.css
View File

@ -1,16 +0,0 @@
@font-face {
font-family: 'DM Mono';
src: url('DMMono-Regular.woff2') format('woff2');
font-weight: normal;
font-style: normal;
font-display: swap;
}
@font-face {
font-family: 'DM Mono';
src: url('DMMono-Medium.woff2') format('woff2');
font-weight: 500;
font-style: normal;
font-display: swap;
}

113
docs/assets/fonts/public_sans/LICENSE.txt
View File

@ -1,113 +0,0 @@
## License for USWDSs Modified Version
This font combines Libre Franklin (the “Original Version”) and these GSA modifications into a piece of font software called Public Sans, which is a “Modified Version” of Libre Franklin.
As a work of the United States Government, the font software modifications made by GSA are not subject to copyright within the United States. Additionally, GSA waives copyright and related rights in its font software modifications worldwide through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
The Original Version (as defined in the SIL Open Font License, Version 1.1) remains subject to copyright under the SIL Open Font License, Version 1.1.
This Modified Version (Public Sans) contains both software under the SIL Open Font License, Version 1.1 and software modifications by GSA released as CC0. As a work of the United States Government, the software modifications made by GSA are not subject to copyright within the United States. Additionally, GSA waives copyright and related rights in its software modifications worldwide through the [CC0 1.0 Universal Public Domain Dedication](https://creativecommons.org/publicdomain/zero/1.0/). It is a “joint work” made of the original software and modifications combined into a single work.
**In practice, users of this Modified Version (Public Sans) should use Public Sans according to the terms of the SIL Open Font License, Version 1.1, below.** This is because this font is a combination of work subject to copyright and work not subject to copyright, so the more restrictive requirements apply to using the combined work.
## License of project USWDSs Modified Version is based on
- Libre Franklin is licensed under the SIL Open Font License, Version 1.1 (<http://scripts.sil.org/OFL>)
- To view the copyright and specific terms and conditions of Libre Franklin, please refer to [OFL.txt](https://github.com/impallari/Libre-Franklin/blob/master/OFL.txt)
## SIL Open Font License, Version 1.1
Copyright 2015 The Public Sans Project Authors (https://github.com/uswds/public-sans)
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at http://scripts.sil.org/OFL
```
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.
```

BIN
docs/assets/fonts/public_sans/PublicSans-Bold.woff2
View File

Binary file not shown.

BIN
docs/assets/fonts/public_sans/PublicSans-BoldItalic.woff2
View File

Binary file not shown.

BIN
docs/assets/fonts/public_sans/PublicSans-Italic.woff2
View File

Binary file not shown.

BIN
docs/assets/fonts/public_sans/PublicSans-Light.woff2
View File

Binary file not shown.

BIN
docs/assets/fonts/public_sans/PublicSans-Regular.woff2
View File

Binary file not shown.

BIN
docs/assets/img/account-deletion/exposed_passwords.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 89 KiB

After

Width:  |  Height:  |  Size: 27 KiB

BIN
docs/assets/img/android/gfeeds-dark.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 141 KiB

BIN
docs/assets/img/android/gfeeds-light.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 145 KiB

2
docs/assets/img/calendar-contacts/mini/proton-calendar.svg Normal file
View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_00000094620430057427565900000015311327790582914980_" x1="796.82" x2="203.77" y1="249.42" y2="1067.3" gradientTransform="matrix(.035694 0 0 -.035694 5.0337e-7 30.979)" gradientUnits="userSpaceOnUse"><stop stop-color="#C8E8FF" offset="0"/><stop stop-color="#BDAEFF" offset=".3075"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><radialGradient id="SVGID_1_" cx="169.05" cy="788.91" r="1" gradientTransform="matrix(-16.88 45.338 60.416 22.494 -44786 -25421)" gradientUnits="userSpaceOnUse"><stop stop-color="#54B7FF" stop-opacity="0" offset=".5561"/><stop stop-color="#54B7FF" offset=".9944"/></radialGradient></defs><g stroke-width=".035694"><path class="st0" d="m5.0337e-7 6.425c0-1.9346 1.567-3.5016 3.5016-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016z" fill="#6851f6"/><path class="st1" d="m0.0071394 6.425c0-1.9346 1.5705-3.5016 3.5052-3.5016h26.853c1.9346 0 3.5016 1.567 3.5016 3.5016v21.017c0 1.9346-1.567 3.5016-3.5016 3.5016h-26.853c-1.9346 0-3.5016-1.567-3.5016-3.5016v-21.017z" fill="url(#SVGID_1_)"/><path class="st2" d="m15.373 29.312c0-0.83168 0.29626-1.6384 0.83524-2.2702l6.168-7.2388 0.19632 11.14h-7.1995z" fill="#bfd8ff"/><path d="m3.5016 2.9234c-1.9346 0-3.5016 1.567-3.5016 3.5016v0.68176h23.933c1.5063 0 2.7235 1.2207 2.7235 2.7235v13.914h7.1995v-17.319c0-1.9346-1.567-3.5016-3.5016-3.5016z" clip-rule="evenodd" fill="url(#SVGID_00000094620430057427565900000015311327790582914980_)" fill-rule="evenodd"/><path class="st4" d="m21.406 22.38c0-2.1488 1.7419-3.8907 3.8907-3.8907h8.563v12.454h-12.454z" fill="#fff"/><path class="st5" d="m24.811 26.496h1.2315c0.04997 0.21416 0.1749 0.40334 0.35337 0.53541 0.1749 0.13207 0.39264 0.19989 0.61394 0.18918 0.55683 0 0.92448-0.30697 0.92448-0.75672s-0.38193-0.69961-1.1386-0.69961h-0.48901v-1.0137h0.42476c0.73173 0 1.0316-0.26771 1.0316-0.67462 0-0.40334-0.32482-0.68176-0.77456-0.68176-0.19989-0.01071-0.39978 0.05354-0.54969 0.18561-0.15348 0.13207-0.24629 0.31768-0.26414 0.51757h-1.1886c0.04283-0.70674 0.59966-1.7205 1.9953-1.7205 1.1208 0 1.8954 0.63893 1.8954 1.5384 0 0.28912-0.08924 0.57111-0.26057 0.80312-0.17133 0.23201-0.41048 0.40691-0.68533 0.49258v0.01785c0.32125 0.05711 0.61037 0.22844 0.81383 0.48187 0.20346 0.25343 0.31054 0.57111 0.29983 0.89949 0 0.97445-0.89236 1.6169-2.0453 1.6169-1.2243 0.0071-2.0988-0.6889-2.1881-1.7312z" fill="#6d4aff"/><path class="st5" d="m31.197 22.473h0.89592v5.6718h-1.1565v-4.3511l-1.1137 0.75672v-1.1458z" fill="#6d4aff"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.7 KiB

2
docs/assets/img/calendar-contacts/proton-calendar.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 4.2 KiB

After

Width:  |  Height:  |  Size: 8.0 KiB

2
docs/assets/img/cloud/cryptee-dark.svg
View File

@ -1 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><path fill-rule="evenodd" d="m16.955 3.3333e-7c7.3719 0 13.643 4.712 15.968 11.289l-9.6579-7e-5c-1.5501-1.732-3.8027-2.822-6.3098-2.822-4.6754 0-8.4656 3.7906-8.4656 8.4667 0 4.676 3.7902 8.4667 8.4656 8.4667 2.5071 0 4.7597-1.09 6.3098-2.822h9.6579c-2.3243 6.5768-8.5958 11.289-15.968 11.289-9.3509 0-16.931-7.5813-16.931-16.933 0-9.352 7.5804-16.933 16.931-16.933zm8.3962 18.07 8.4908-5e-5a16.843 16.843 0 0 1-0.30125 2.2497h-8.8186a8.3638 8.3638 0 0 0 0.62898-2.2497zm8.1896-4.5237a16.844 16.844 0 0 1 0.30125 2.2497l-8.4908-5e-5a8.3641 8.3641 0 0 0-0.62895-2.2497z" style="fill:#fff;stroke-width:.02419"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1398 1400"><path fill="#F5F5F5" fill-rule="evenodd" d="M699.914 0C1004.659 0 1263.915 194.786 1360 466.662l-399.246-.003C896.674 395.059 803.556 350 699.914 350c-193.276 0-349.957 156.7-349.957 350s156.681 350 349.957 350c103.641 0 196.76-45.059 260.84-116.658L1360 933.34C1263.915 1205.214 1004.659 1400 699.914 1400 313.362 1400 0 1086.6 0 700S313.362 0 699.914 0Zm347.087 747.002L1398 747a696.274 696.274 0 0 1-12.453 93H1021a345.75 345.75 0 0 0 26.001-92.998ZM1385.547 560A696.3 696.3 0 0 1 1398 653l-351-.002A345.762 345.762 0 0 0 1021 560h364.547Z"/></svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 722 B

After

Width:  |  Height:  |  Size: 615 B

2
docs/assets/img/cloud/cryptee.svg
View File

@ -1 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867"><path fill-rule="evenodd" d="m16.955 3.3333e-7c7.3719 0 13.643 4.712 15.968 11.289l-9.6579-7e-5c-1.5501-1.732-3.8027-2.822-6.3098-2.822-4.6754 0-8.4656 3.7906-8.4656 8.4667 0 4.676 3.7902 8.4667 8.4656 8.4667 2.5071 0 4.7597-1.09 6.3098-2.822h9.6579c-2.3243 6.5768-8.5958 11.289-15.968 11.289-9.3509 0-16.931-7.5813-16.931-16.933 0-9.352 7.5804-16.933 16.931-16.933zm8.3962 18.07 8.4908-5e-5a16.843 16.843 0 0 1-0.30125 2.2497h-8.8186a8.3638 8.3638 0 0 0 0.62898-2.2497zm8.1896-4.5237a16.844 16.844 0 0 1 0.30125 2.2497l-8.4908-5e-5a8.3641 8.3641 0 0 0-0.62895-2.2497z" style="stroke-width:.02419"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1398 1400"><path fill="#222" fill-rule="nonzero" d="M699.914 0C1004.659 0 1263.915 194.786 1360 466.662l-399.246-.003C896.674 395.059 803.556 350 699.914 350c-193.276 0-349.957 156.7-349.957 350s156.681 350 349.957 350c103.641 0 196.76-45.059 260.84-116.658L1360 933.34C1263.915 1205.214 1004.659 1400 699.914 1400 313.362 1400 0 1086.6 0 700S313.362 0 699.914 0Zm347.087 747.002L1398 747a696.274 696.274 0 0 1-12.453 93H1021a345.75 345.75 0 0 0 26.001-92.998ZM1385.547 560A696.3 696.3 0 0 1 1398 653l-351-.002A345.762 345.762 0 0 0 1021 560h364.547Z"/></svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 712 B

After

Width:  |  Height:  |  Size: 612 B

2
docs/assets/img/cloud/mini/protondrive.svg Normal file
View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_00000019652434788841659490000008021016220503567533_" x1="-12.632" x2="1173" y1="1195.6" y2="-107.33" gradientTransform="matrix(.035706 0 0 -.035706 -1.6667e-6 30.985)" gradientUnits="userSpaceOnUse"><stop stop-color="#6D4AFF" offset="0"/><stop stop-color="#AE8CFF" offset=".3593"/><stop stop-color="#F8CCFF" offset="1"/></linearGradient><radialGradient id="SVGID_1_" cx="169.06" cy="788.93" r="1" gradientTransform="matrix(-21.468 43.868 68.249 33.399 -50186 -33775)" gradientUnits="userSpaceOnUse"><stop stop-color="#FF62C0" stop-opacity="0" offset=".5561"/><stop stop-color="#FF62C0" offset=".9944"/></radialGradient></defs><g stroke-width=".035705"><path class="st0" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" fill="#6851f6"/><path class="st1" d="m-1.6667e-6 27.447v-21.023c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.8424 0.60343h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-26.858c-1.9352 4e-3 -3.5027-1.5639-3.5027-3.4991z" fill="url(#SVGID_1_)"/><path d="m15.96 5.7414h14.404c1.9352 0 3.5027 1.5675 3.5027 3.5027v18.199c0 1.9352-1.5675 3.5027-3.5027 3.5027h-3.6991v-18.278c0-1.5103-1.2283-2.735-2.7422-2.7243l-13.265 0.075c-0.57129 4e-3 -1.1283-0.17138-1.596-0.50344l-2.9528-2.0995c-0.4606-0.32849-1.014-0.50345-1.5782-0.50345h-4.531v-0.48916c0-1.9352 1.5675-3.5027 3.5027-3.5027h6.5698c0.66412 0 1.3104 0.21066 1.8424 0.60342l2.1994 1.6139c0.53559 0.39276 1.1819 0.60343 1.846 0.60343z" clip-rule="evenodd" fill="url(#SVGID_00000019652434788841659490000008021016220503567533_)" fill-rule="evenodd"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.0 KiB

3
docs/assets/img/cloud/protondrive.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.3 KiB

After

Width:  |  Height:  |  Size: 5.6 KiB

1
docs/assets/img/dns/pi-hole.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 89 130"><defs><linearGradient id="a" x1="0%" x2="100%" y1="49.975%" y2="49.975%"><stop offset="0%" stop-color="#12B212"/><stop offset="100%" stop-color="#0F0"/></linearGradient></defs><g fill="none" fill-rule="nonzero"><path fill="url(#a)" d="M36.56 39.93C20.34 38.2 4 25.94 2.71 0c25.17 0 38.63 14.9 39.93 38.51 4.76-28.32 27.07-25 27.07-25 1.06 16.05-12.12 25.78-27.07 26.59-4.2-8.85-29.36-30.56-29.36-30.56a.07.07 0 0 0-.11.08s24.28 21.15 23.39 30.31"/><path fill="#980200" d="M44.16 129.93c-1.57-.09-16.22-.65-17.11-17.11-.72-10 7.18-17.37 7.18-27.08C32.44 61.53 0 64.53 0 85.74a19.94 19.94 0 0 0 5.83 14.14L30 124.06a19.94 19.94 0 0 0 14.14 5.83"/><path fill="red" d="M88.32 85.75c-.09 1.57-.65 16.22-17.11 17.11-10 .72-17.38-7.18-27.08-7.18-24.21 1.79-21.21 34.22 0 34.22a19.94 19.94 0 0 0 14.14-5.83L82.46 99.9a19.94 19.94 0 0 0 5.83-14.14"/><path fill="#980200" d="M44.16 41.59c1.57.09 16.22.65 17.11 17.11.72 10-7.18 17.37-7.18 27.08 1.79 24.21 34.22 21.21 34.22 0a19.94 19.94 0 0 0-5.83-14.14L58.3 47.45a19.94 19.94 0 0 0-14.14-5.83"/><path fill="red" d="M.08 85.75c.09-1.57.65-16.22 17.11-17.11 10-.72 17.38 7.18 27.08 7.18 24.21-1.82 21.21-34.22 0-34.22a19.94 19.94 0 0 0-14.14 5.83L5.94 71.61A19.94 19.94 0 0 0 .11 85.75"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.3 KiB

1
docs/assets/img/email/disroot-dark.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 7.3 KiB

1
docs/assets/img/email/disroot.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 7.3 KiB

1
docs/assets/img/email/mini/disroot-dark.svg
View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 298"><path fill="#fff" fill-rule="nonzero" d="M70.761.97C76.184-.66 82.722.258 88.337.258c15.055 0 30.042 2.067 45.011 4.17l3.326.467 1.663.233c45.993 6.411 93.211 18.792 134.996 39.39 17.902 8.824 34.021 20.622 51.004 30.995 14.752 9.01 27.07 19.226 39.039 31.746 6.143 6.427 12.996 13.692 16.496 21.999 4.552 10.803 4.835 25.505 3.026 37-3.916 24.881-23.26 44.954-42.391 59.656-43.041 33.076-99.083 50.141-151.17 62.905-16.984 4.162-35.457 8.411-53 8.439-.975.002-1.973.02-2.979.031l-.672.007-.673.003-.675-.002c-5.62-.04-11.225-.76-14.443-6.133-1.261-2.106-1.85-4.545-2.427-6.906-6.126-25.092 31.664-30.723 30.826-56-.485-14.613-10.464-29.563-15.532-43-9.602-25.457-19.686-51.149-30.76-76-1.418-3.18-2.62-6.472-3.8-9.777l-1.063-2.975c-1.896-5.287-3.886-10.53-6.761-15.323-5.132-8.555-12.664-10.856-22.041-12.196-12.935-1.848-27.059-1.232-40 .22-1.936.218-4.408.635-7.04.947l-.61.07c-7.352.815-15.714.647-17.122-6.97-2.66-14.398 4.373-25.648 14.772-34.901C31.677 13.814 50.274 7.132 70.761.97Zm128.576 103.287c5.051 17.461 11.049 34.665 17.135 51.81l2.15 6.05a3170.29 3170.29 0 0 1 6.41 18.14c4.16 11.926 11.046 23.215 12.131 36 .281 3.305-.307 6.559-.93 9.805l-.248 1.299c-.246 1.298-.48 2.596-.648 3.896 19.663-4.844 47.291-6.374 60.443-24.001 8.448-11.322 9.163-26.261 1.449-37.999-2.234-3.4-5.12-6.116-8.052-8.83l-1.036-.958c-.69-.64-1.38-1.285-2.059-1.943-18.683-18.082-40.608-35.514-64.741-45.669-7.315-3.078-14.033-6.427-22.004-7.6Z"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.5 KiB

1
docs/assets/img/email/mini/disroot.svg
View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 298"><path fill="#50162D" fill-rule="nonzero" d="M70.761.97C76.184-.66 82.722.258 88.337.258c15.055 0 30.042 2.067 45.011 4.17l3.326.467 1.663.233c45.993 6.411 93.211 18.792 134.996 39.39 17.902 8.824 34.021 20.622 51.004 30.995 14.752 9.01 27.07 19.226 39.039 31.746 6.143 6.427 12.996 13.692 16.496 21.999 4.552 10.803 4.835 25.505 3.026 37-3.916 24.881-23.26 44.954-42.391 59.656-43.041 33.076-99.083 50.141-151.17 62.905-16.984 4.162-35.457 8.411-53 8.439-.975.002-1.973.02-2.979.031l-.672.007-.673.003-.675-.002c-5.62-.04-11.225-.76-14.443-6.133-1.261-2.106-1.85-4.545-2.427-6.906-6.126-25.092 31.664-30.723 30.826-56-.485-14.613-10.464-29.563-15.532-43-9.602-25.457-19.686-51.149-30.76-76-1.418-3.18-2.62-6.472-3.8-9.777l-1.063-2.975c-1.896-5.287-3.886-10.53-6.761-15.323-5.132-8.555-12.664-10.856-22.041-12.196-12.935-1.848-27.059-1.232-40 .22-1.936.218-4.408.635-7.04.947l-.61.07c-7.352.815-15.714.647-17.122-6.97-2.66-14.398 4.373-25.648 14.772-34.901C31.677 13.814 50.274 7.132 70.761.97Zm128.576 103.287c5.051 17.461 11.049 34.665 17.135 51.81l2.15 6.05a3170.29 3170.29 0 0 1 6.41 18.14c4.16 11.926 11.046 23.215 12.131 36 .281 3.305-.307 6.559-.93 9.805l-.248 1.299c-.246 1.298-.48 2.596-.648 3.896 19.663-4.844 47.291-6.374 60.443-24.001 8.448-11.322 9.163-26.261 1.449-37.999-2.234-3.4-5.12-6.116-8.052-8.83l-1.036-.958c-.69-.64-1.38-1.285-2.059-1.943-18.683-18.082-40.608-35.514-64.741-45.669-7.315-3.078-14.033-6.427-22.004-7.6Z"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.5 KiB

16
docs/assets/img/email/mini/protonmail.svg
View File

@ -1 +1,15 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 41 57"><g fill="#657ee4" fill-rule="evenodd"><path d="M38.66 34.466a2.976 2.976 0 0 0-3.008 0l-13.954 8.64a2.976 2.976 0 0 1-3.2 0l-13.954-8.64A2.976 2.976 0 0 0 0 36.994v16.77a2.975 2.975 0 0 0 2.976 2.976H37.22a2.976 2.976 0 0 0 2.976-2.976V37.058a2.976 2.976 0 0 0-1.536-2.592Z"/><path d="M40.196 19.296C39.766 8.516 30.902 0 20.114 0S.462 8.517.032 19.296v5.6a2.98 2.98 0 0 0 1.408 2.529l17.122 10.593a2.976 2.976 0 0 0 3.2 0l17.122-10.593a2.976 2.976 0 0 0 1.408-2.528v-5.6h-.096Zm-7.84 0v3.2c0 .725-.588 1.313-1.313 1.313H9.121a1.28 1.28 0 0 1-1.312-1.313v-3.2c0-6.77 5.488-12.257 12.257-12.257 6.77 0 12.257 5.488 12.257 12.257h.032Z"/></g></svg>
<svg width="979" height="785" viewBox="0 0 979 785" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M0 22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L941.85 5.23618C956.511 -6.94591 978.723 3.48621 978.723 22.5541V683.7C978.723 739.646 933.393 785 877.476 785H101.247C45.3299 785 0 739.646 0 683.7V22.5541Z" fill="#6D4AFF"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M621.492 271.42L621.546 271.464L426.244 444.071C392.975 473.475 343.246 474.216 309.116 445.817L0 188.604V22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L621.492 271.42Z" fill="url(#paint0_linear_6150_150885)"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M770.604 147.526V785H877.476C933.393 785 978.723 739.642 978.723 683.699V22.5548C978.723 3.4868 956.51 -6.94715 941.849 5.23724L770.604 147.526Z" fill="url(#paint1_linear_6150_150885)"/>
<defs>
<linearGradient id="paint0_linear_6150_150885" x1="738.261" y1="384.02" x2="514.95" y2="-568.829" gradientUnits="userSpaceOnUse">
<stop stop-color="#E2DBFF"/>
<stop offset="1" stop-color="#6D4AFF"/>
</linearGradient>
<linearGradient id="paint1_linear_6150_150885" x1="1276.84" y1="1301.35" x2="514.868" y2="-325.532" gradientUnits="userSpaceOnUse">
<stop offset="0.271019" stop-color="#E2DBFF"/>
<stop offset="1" stop-color="#6D4AFF"/>
</linearGradient>
</defs>
</svg>

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 706 B

After

Width:  |  Height:  |  Size: 1.4 KiB

27
docs/assets/img/email/protonmail.svg
View File

@ -1,2 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.84675 0 0 .84675 -.12751 9.4099)" fill="#657ee4" fill-rule="evenodd"><path d="m12.23 10.79a0.93 0.93 0 0 0-0.94 0l-4.36 2.7a0.93 0.93 0 0 1-1 0l-4.36-2.7a0.93 0.93 0 0 0-1.42 0.79v5.24c0 0.514 0.416 0.93 0.93 0.93h10.7a0.93 0.93 0 0 0 0.93-0.93v-5.22a0.93 0.93 0 0 0-0.48-0.81z"/><path d="m12.71 6.05a6.28 6.28 0 0 0-12.55 0v1.75c0 0.322 0.167 0.62 0.44 0.79l5.35 3.31a0.93 0.93 0 0 0 1 0l5.35-3.31a0.93 0.93 0 0 0 0.44-0.79v-1.75zm-2.45 0v1a0.41 0.41 0 0 1-0.41 0.41h-6.85a0.4 0.4 0 0 1-0.41-0.41v-1a3.83 3.83 0 0 1 7.66 0z"/><path d="m29.74 3.38a3.85 3.85 0 0 1 1.43 3.26 4 4 0 0 1-1.49 3.44 6.43 6.43 0 0 1-4 1.13h-1.76v5.18h-1.92v-14.1h3.7a6.56 6.56 0 0 1 4.04 1.09zm-1.53 5.62a2.75 2.75 0 0 0 0.89-2.35 2.57 2.57 0 0 0-0.89-2.19 4.15 4.15 0 0 0-2.55-0.68h-1.74v5.87h1.7a4.33 4.33 0 0 0 2.59-0.65zm10.9-3.52-0.35 1.84a3.87 3.87 0 0 0-0.94-0.12 2 2 0 0 0-1.62 0.74 5.46 5.46 0 0 0-1 2.29v6.16h-1.84v-10.79h1.64l0.18 2.19a4.09 4.09 0 0 1 1.15-1.79 2.61 2.61 0 0 1 1.67-0.64 4.38 4.38 0 0 1 1.11 0.12zm9.12 1.39a6.24 6.24 0 0 1 1.26 4.13 7.17 7.17 0 0 1-0.57 3 4.49 4.49 0 0 1-1.66 2 4.62 4.62 0 0 1-2.58 0.71 4.37 4.37 0 0 1-3.54-1.51 6.2 6.2 0 0 1-1.27-4.2 7.17 7.17 0 0 1 0.57-3 4.49 4.49 0 0 1 1.66-2 4.66 4.66 0 0 1 2.6-0.71 4.34 4.34 0 0 1 3.53 1.58zm-6.34 4.13c0 2.74 0.927 4.11 2.78 4.11s2.783-1.37 2.79-4.11c0-2.74-0.92-4.11-2.76-4.11s-2.777 1.37-2.81 4.11zm16.11 4.9a4.14 4.14 0 0 1-2.42 0.74 2.85 2.85 0 0 1-2.14-0.79 3.14 3.14 0 0 1-0.77-2.28v-6.51h-1.83v-1.46h1.88v-2.43l1.88-0.22v2.65h2.56l-0.16 1.46h-2.4v6.43a2 2 0 0 0 0.3 1.22 1.19 1.19 0 0 0 1 0.38 3.08 3.08 0 0 0 1.43-0.43zm9.26-9.03a6.24 6.24 0 0 1 1.26 4.13 7.17 7.17 0 0 1-0.57 3 4.49 4.49 0 0 1-1.66 2 4.62 4.62 0 0 1-2.58 0.71 4.37 4.37 0 0 1-3.54-1.51 6.2 6.2 0 0 1-1.27-4.2 7.17 7.17 0 0 1 0.57-3 4.49 4.49 0 0 1 1.66-2 4.66 4.66 0 0 1 2.6-0.71 4.34 4.34 0 0 1 3.53 1.58zm-6.33 4.13c0 2.74 0.927 4.11 2.78 4.11s2.78-1.37 2.78-4.11-0.92-4.11-2.76-4.11-2.773 1.37-2.8 4.11zm18.07-4.76a3.38 3.38 0 0 1 0.83 2.42v7.74h-1.83v-7.48a2.39 2.39 0 0 0-0.43-1.62 1.63 1.63 0 0 0-1.27-0.47 2.46 2.46 0 0 0-1.51 0.49 5.09 5.09 0 0 0-1.23 1.41v7.66h-1.93v-10.79h1.62l0.16 1.6a4.25 4.25 0 0 1 1.42-1.35 3.68 3.68 0 0 1 1.87-0.49 3 3 0 0 1 2.3 0.88zm17.34 10.15h-1.88l-0.46-6.39c-0.207-2.5-0.323-4.417-0.35-5.75l-3 10.52h-1.82l-3.21-10.54c0 1.707-0.09 3.68-0.27 5.92l-0.47 6.22h-1.88l1.17-14.1h2.62l3 10.25 2.82-10.25h2.64zm10.66-1.55c0.171 0.227 0.409 0.394 0.68 0.48l-0.43 1.31a2.87 2.87 0 0 1-1.35-0.47 2.15 2.15 0 0 1-0.76-1.15 3.62 3.62 0 0 1-3.14 1.63 3.45 3.45 0 0 1-2.52-0.9 3.15 3.15 0 0 1-0.92-2.35 3.09 3.09 0 0 1 1.24-2.64 5.79 5.79 0 0 1 3.51-0.92h1.66v-0.83a2.09 2.09 0 0 0-0.55-1.64 2.5 2.5 0 0 0-1.7-0.49 9.5 9.5 0 0 0-2.91 0.57l-0.47-1.37a10.85 10.85 0 0 1 3.72-0.74 3.89 3.89 0 0 1 2.84 0.93 3.56 3.56 0 0 1 0.94 2.65v4.93c-0.05 0.342 6e-3 0.69 0.16 1zm-2.11-1.3v-2.47h-1.41c-2 0-3 0.737-3 2.21a2 2 0 0 0 0.47 1.45c0.375 0.35 0.879 0.527 1.39 0.49a2.81 2.81 0 0 0 2.59-1.68zm7.68-12.75c0.245 0.243 0.379 0.575 0.37 0.92a1.21 1.21 0 0 1-0.37 0.91 1.32 1.32 0 0 1-1 0.36 1.29 1.29 0 0 1-0.94-0.36 1.22 1.22 0 0 1-0.37-0.91 1.25 1.25 0 0 1 0.37-0.92c0.25-0.247 0.59-0.38 0.94-0.37a1.3 1.3 0 0 1 1 0.37zm0 4.81v10.79h-1.88v-10.79zm4.43 10.4a2.41 2.41 0 0 1-0.6-1.75v-13l1.88-0.22v13.19a1.1 1.1 0 0 0 0.15 0.66 0.61 0.61 0 0 0 0.52 0.2 1.88 1.88 0 0 0 0.7-0.12l0.49 1.31a3.07 3.07 0 0 1-1.49 0.37 2.18 2.18 0 0 1-1.65-0.64z" fill-rule="nonzero"/></g></svg>
<svg width="4611" height="785" viewBox="0 0 4611 785" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M3393.77 628.366V148.75H3518.26L3634.96 436.342C3645.32 460.412 3654.25 485.07 3661.71 510.19H3662.9C3670.4 485.085 3679.33 460.429 3689.65 436.342L3806.35 148.75H3930.84V628.366H3840.6V307.01C3840.5 296.426 3841 285.846 3842.09 275.318H3840.6C3837.85 286.656 3834.08 297.724 3829.35 308.392L3700.02 622.739H3625.48L3495.75 308.392C3491.08 297.627 3487.09 286.581 3483.8 275.318H3482.42C3483.42 285.852 3483.88 296.429 3483.8 307.01V628.366H3393.77Z" fill="#6D4AFF"/>
<path d="M4239.47 311.946C4265.6 325.654 4287.2 346.641 4301.66 372.367C4317.16 400.305 4325 431.846 4324.37 463.788V628.367H4245.39L4239.76 579.003C4229.46 596.899 4214.34 611.54 4196.12 621.258C4176.6 631.406 4154.84 636.465 4132.84 635.969C4104.75 636.251 4077.14 628.732 4053.07 614.249C4028.72 599.465 4008.88 578.296 3995.71 553.038C3981.32 525.239 3974.1 494.293 3974.68 462.999C3974.29 432.197 3982.16 401.855 3997.49 375.131C4012.47 349.157 4034.24 327.756 4060.47 313.23C4087.63 298.137 4118.26 290.379 4149.33 290.72C4180.67 290.176 4211.66 297.473 4239.47 311.946V311.946ZM4210.54 533.391C4227.72 517.002 4236.21 493.9 4236.21 463.097C4237.29 437.923 4228.46 413.327 4211.62 394.581C4203.61 386.204 4193.97 379.537 4183.31 374.982C4172.65 370.428 4161.17 368.079 4149.57 368.079C4137.98 368.079 4126.5 370.428 4115.84 374.982C4105.17 379.537 4095.54 386.204 4087.52 394.581C4071.51 413.783 4062.74 437.995 4062.74 462.999C4062.74 488.002 4071.51 512.214 4087.52 531.417C4095.43 539.974 4105.06 546.75 4115.78 551.295C4126.51 555.84 4138.08 558.05 4149.72 557.777C4160.97 557.965 4172.15 555.905 4182.59 551.718C4193.03 547.53 4202.54 541.299 4210.54 533.391V533.391Z" fill="#6D4AFF"/>
<path d="M4373.04 229.311C4367.73 224.46 4363.5 218.538 4360.64 211.935C4357.78 205.333 4356.35 198.199 4356.45 191.005C4356.37 183.756 4357.81 176.569 4360.66 169.905C4363.52 163.242 4367.73 157.247 4373.04 152.304C4383.53 141.862 4397.73 136 4412.53 136C4427.33 136 4441.53 141.862 4452.02 152.304C4457.29 157.267 4461.48 163.268 4464.32 169.928C4467.15 176.589 4468.58 183.765 4468.51 191.005C4468.6 198.189 4467.18 205.312 4464.34 211.911C4461.5 218.511 4457.3 224.439 4452.02 229.311C4441.41 239.519 4427.25 245.221 4412.53 245.221C4397.8 245.221 4383.65 239.519 4373.04 229.311ZM4457.05 628.366H4368.2V297.828H4457.05V628.366Z" fill="#6D4AFF"/>
<path d="M4610.68 628.366H4521.82V148.75H4610.68V628.366Z" fill="#6D4AFF"/>
<path d="M1549.54 147.559H1328V627.471H1415.77V508.406C1415.77 496.78 1420.39 485.631 1428.61 477.41C1436.83 469.19 1447.98 464.571 1459.6 464.571H1549.54C1591.44 464.571 1631.62 447.929 1661.24 418.305C1690.86 388.681 1707.51 348.502 1707.51 306.608C1707.65 285.773 1703.67 265.115 1695.8 245.824C1687.92 226.534 1676.31 208.992 1661.63 194.208C1646.94 179.425 1629.48 167.692 1610.25 159.686C1591.01 151.68 1570.38 147.558 1549.54 147.559ZM1618.65 305.522C1618.57 325.352 1610.63 344.341 1596.56 358.317C1582.49 372.293 1563.45 380.113 1543.62 380.061H1415.27V230.094H1543.62C1553.46 230.094 1563.2 232.033 1572.3 235.798C1581.39 239.564 1589.65 245.084 1596.61 252.042C1603.56 259 1609.08 267.261 1612.85 276.352C1616.62 285.444 1618.55 295.188 1618.55 305.028L1618.65 305.522Z" fill="#1B1340"/>
<path d="M1721.33 627.476V437.13C1721.33 359.432 1766.74 297.53 1857.47 297.53C1872.06 297.319 1886.63 298.944 1900.81 302.367V380.757C1890.45 380.066 1881.07 380.066 1877.41 380.066C1829.33 380.066 1808.3 401.983 1808.3 446.707V627.476H1721.33Z" fill="#1B1340"/>
<path d="M1926.88 465.96C1926.88 370.392 1999.05 297.531 2099.46 297.531C2199.86 297.531 2271.93 370.194 2271.93 465.96C2271.93 561.725 2199.76 635.079 2099.46 635.079C1999.15 635.079 1926.88 561.527 1926.88 465.96ZM2186.04 465.96C2186.04 411.66 2149.61 373.156 2099.46 373.156C2049.3 373.156 2012.77 411.66 2012.77 465.96C2012.77 520.26 2049.2 558.763 2099.46 558.763C2149.71 558.763 2186.04 520.951 2186.04 465.96Z" fill="#1B1340"/>
<path d="M2524.87 373.845H2430.78V494.094C2430.78 536.053 2445.89 555.305 2489.13 555.305C2493.28 555.305 2503.64 555.305 2516.68 554.614V625.401C2500.15 630.24 2483.05 632.797 2465.83 633.003C2392.97 633.003 2343.41 588.971 2343.41 505.843V373.845H2285.06V304.736H2299.58C2311.2 304.736 2322.35 300.117 2330.57 291.897C2338.79 283.676 2343.41 272.526 2343.41 260.901V195.148H2430.78V304.439H2524.87V373.845Z" fill="#1B1340"/>
<path d="M2551.03 465.96C2551.03 370.392 2623.2 297.531 2723.51 297.531C2823.81 297.531 2896.08 370.194 2896.08 465.96C2896.08 561.725 2823.91 635.079 2723.51 635.079C2623.1 635.079 2551.03 561.527 2551.03 465.96ZM2810.19 465.96C2810.19 411.66 2773.76 373.156 2723.51 373.156C2673.26 373.156 2636.92 411.66 2636.92 465.96C2636.92 520.26 2673.35 558.763 2723.51 558.763C2773.66 558.763 2810.19 520.951 2810.19 465.96Z" fill="#1B1340"/>
<path d="M2941.4 627.477V443.944C2941.4 358.742 2995.7 297.531 3092.65 297.531C3189.6 297.531 3243.21 358.742 3243.21 443.944V627.477H3156.63V450.854C3156.63 403.367 3135.3 373.847 3092.65 373.847C3050 373.847 3028.77 403.465 3028.77 450.854V627.477H2941.4Z" fill="#1B1340"/>
<path d="M0 22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L941.85 5.23618C956.511 -6.94591 978.723 3.48621 978.723 22.5541V683.7C978.723 739.646 933.393 785 877.476 785H101.247C45.3299 785 0 739.646 0 683.7V22.5541Z" fill="#6D4AFF"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M621.492 271.42L621.546 271.464L426.244 444.071C392.975 473.475 343.246 474.216 309.116 445.817L0 188.604V22.5541C0 3.48617 22.2124 -6.94596 36.8738 5.23613L424.677 327.46C462.177 358.619 516.546 358.619 554.046 327.46L621.492 271.42Z" fill="url(#paint0_linear_6138_150267)"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M770.604 147.526V785H877.476C933.393 785 978.723 739.642 978.723 683.699V22.5548C978.723 3.4868 956.51 -6.94715 941.849 5.23724L770.604 147.526Z" fill="url(#paint1_linear_6138_150267)"/>
<defs>
<linearGradient id="paint0_linear_6138_150267" x1="738.261" y1="384.02" x2="514.95" y2="-568.829" gradientUnits="userSpaceOnUse">
<stop stop-color="#E2DBFF"/>
<stop offset="1" stop-color="#6D4AFF"/>
</linearGradient>
<linearGradient id="paint1_linear_6138_150267" x1="1276.84" y1="1301.35" x2="514.868" y2="-325.532" gradientUnits="userSpaceOnUse">
<stop offset="0.271019" stop-color="#E2DBFF"/>
<stop offset="1" stop-color="#6D4AFF"/>
</linearGradient>
</defs>
</svg>

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.5 KiB

After

Width:  |  Height:  |  Size: 6.3 KiB

BIN
docs/assets/img/erasing-data/shredos.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.9 KiB

BIN
docs/assets/img/layout/android-chrome-192x192.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 7.4 KiB

BIN
docs/assets/img/layout/android-chrome-512x512.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 22 KiB

BIN
docs/assets/img/layout/apple-touch-icon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 7.2 KiB

BIN
docs/assets/img/layout/favicon-16x16.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.0 KiB

BIN
docs/assets/img/layout/favicon-32x32.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.9 KiB

BIN
docs/assets/img/layout/favicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 15 KiB

BIN
docs/assets/img/layout/mstile-150x150.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.1 KiB

51
docs/assets/img/layout/privacy-guides-logo-dark.svg
View File

@ -1,51 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="100%" height="100%" viewBox="0 0 300 39" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
<g transform="matrix(0.689203,0,0,0.689203,-7.49104,-6.28359)">
<path d="M18.466,16.31C18.279,16.938 18.384,17.673 18.594,19.141L21.253,37.755C21.713,40.971 21.942,42.578 22.551,44.015C23.09,45.289 23.845,46.46 24.783,47.476C25.842,48.623 27.212,49.494 29.952,51.238L33.848,53.717C35.716,54.906 36.65,55.5 37.654,55.732C38.426,55.91 39.224,55.933 40.003,55.801C39.359,54.33 39.002,52.706 39.002,50.997C39.002,44.37 44.375,38.997 51.002,38.997C52.936,38.997 54.763,39.455 56.381,40.267C56.494,39.55 56.612,38.726 56.751,37.755L56.751,37.755L59.41,19.141C59.62,17.673 59.725,16.938 59.538,16.31C59.374,15.756 59.053,15.261 58.615,14.885C58.117,14.458 57.403,14.255 55.977,13.847L40.321,9.374C39.83,9.234 39.585,9.164 39.335,9.136C39.114,9.111 38.891,9.111 38.669,9.136C38.42,9.164 38.174,9.234 37.684,9.374L22.027,13.847C20.601,14.255 19.887,14.458 19.39,14.885C18.951,15.261 18.63,15.756 18.466,16.31Z" style="fill:rgb(40,50,63);"/>
</g>
<g transform="matrix(0.689203,0,0,0.689203,-7.49104,-6.28359)">
<path d="M32.836,13.626C32.946,13.614 33.058,13.614 33.169,13.626C33.265,13.637 33.371,13.663 33.909,13.816L49.565,18.289C50.3,18.5 50.771,18.635 51.123,18.765C51.458,18.89 51.578,18.972 51.638,19.024C51.858,19.212 52.018,19.459 52.1,19.736C52.123,19.813 52.149,19.956 52.126,20.313C52.102,20.688 52.034,21.172 51.925,21.929L49.692,37.56C42.851,38.219 37.502,43.983 37.502,50.997C37.502,52.382 37.711,53.718 38.098,54.976L37.351,55.452C35.388,56.701 34.706,57.11 34.014,57.27C33.348,57.424 32.657,57.424 31.991,57.27C31.298,57.11 30.616,56.701 28.654,55.452L24.758,52.973C21.95,51.186 20.781,50.428 19.886,49.458C19.065,48.569 18.404,47.545 17.932,46.43C17.418,45.215 17.209,43.837 16.738,40.543L14.079,21.929C13.971,21.172 13.903,20.688 13.878,20.313C13.855,19.956 13.881,19.813 13.904,19.736C13.986,19.459 14.147,19.212 14.366,19.024C14.427,18.972 14.547,18.89 14.881,18.765C15.234,18.635 15.704,18.5 16.439,18.289L32.096,13.816C32.633,13.663 32.74,13.637 32.836,13.626ZM54.903,22.301L52.716,37.605C59.363,38.447 64.502,44.122 64.502,50.997C64.502,58.453 58.458,64.497 51.002,64.497C46.01,64.497 41.651,61.787 39.315,57.758L38.962,57.983L38.739,58.124C37.088,59.177 35.947,59.903 34.688,60.194C33.579,60.449 32.426,60.449 31.317,60.194C30.058,59.903 28.917,59.177 27.265,58.124L27.043,57.983L22.954,55.381L22.954,55.381C20.398,53.754 18.873,52.784 17.681,51.493C16.626,50.35 15.776,49.033 15.17,47.6C14.484,45.982 14.229,44.193 13.801,41.194L11.102,22.301C11.003,21.611 10.918,21.012 10.885,20.508C10.85,19.973 10.864,19.435 11.028,18.883C11.274,18.052 11.756,17.31 12.414,16.746C12.851,16.372 13.336,16.139 13.839,15.952C14.312,15.777 14.895,15.611 15.564,15.419L15.615,15.405L31.271,10.932L31.354,10.908C31.764,10.791 32.125,10.687 32.502,10.645C32.835,10.608 33.17,10.608 33.502,10.645C33.88,10.687 34.241,10.791 34.65,10.908L34.733,10.932L50.44,15.419C51.11,15.611 51.692,15.777 52.166,15.952C52.668,16.139 53.154,16.372 53.591,16.746C54.249,17.31 54.73,18.052 54.977,18.883C55.14,19.435 55.155,19.973 55.12,20.508C55.087,21.012 55.001,21.611 54.903,22.3L54.903,22.301ZM51.002,40.497C45.203,40.497 40.502,45.198 40.502,50.997C40.502,56.796 45.203,61.497 51.002,61.497C56.801,61.497 61.502,56.796 61.502,50.997C61.502,45.198 56.801,40.497 51.002,40.497ZM58.154,47.458C58.685,46.821 58.599,45.875 57.962,45.345C57.326,44.815 56.38,44.9 55.85,45.537L49.401,53.275L46.063,49.936C45.477,49.351 44.527,49.351 43.942,49.936C43.356,50.522 43.356,51.472 43.942,52.058L48.442,56.558C48.74,56.856 49.149,57.015 49.57,56.996C49.991,56.977 50.385,56.781 50.654,56.458L58.154,47.458ZM25.502,29.997C25.502,25.855 28.86,22.497 33.002,22.497C37.144,22.497 40.502,25.855 40.502,29.997C40.502,32.451 39.324,34.629 37.502,35.998L37.502,41.997C37.502,44.483 35.488,46.497 33.002,46.497C30.517,46.497 28.502,44.483 28.502,41.997L28.502,35.998C26.681,34.629 25.502,32.451 25.502,29.997ZM34.502,37.497L31.502,37.497L31.502,41.997C31.502,42.826 32.174,43.497 33.002,43.497C33.831,43.497 34.502,42.826 34.502,41.997L34.502,37.497ZM33.002,34.497C35.488,34.497 37.502,32.483 37.502,29.997C37.502,27.512 35.488,25.497 33.002,25.497C30.517,25.497 28.502,27.512 28.502,29.997C28.502,32.483 30.517,34.497 33.002,34.497Z" style="fill:white;"/>
</g>
<g id="Privacy-Guides" serif:id="Privacy Guides" transform="matrix(0.0535473,0,0,0.0533183,-1.21787,-26.5177)">
<g transform="matrix(658.502,0,0,658.502,970.977,1072.74)">
<path d="M0.025,-0L0.378,-0L0.269,-0.084L0.269,-0.297C0.285,-0.295 0.32,-0.293 0.388,-0.293C0.552,-0.293 0.646,-0.401 0.646,-0.521C0.646,-0.625 0.557,-0.719 0.409,-0.719C0.318,-0.719 0.207,-0.718 0.207,-0.718L0.025,-0.718L0.129,-0.637L0.129,-0.08L0.025,-0ZM0.291,-0.667C0.353,-0.667 0.4,-0.668 0.437,-0.648C0.476,-0.625 0.497,-0.571 0.497,-0.506C0.497,-0.346 0.381,-0.343 0.269,-0.343L0.269,-0.667L0.291,-0.667Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,1400.98,1072.74)">
<path d="M0.024,-0L0.294,-0L0.216,-0.07L0.216,-0.26C0.22,-0.32 0.234,-0.363 0.271,-0.401C0.275,-0.356 0.308,-0.33 0.346,-0.33C0.382,-0.33 0.416,-0.364 0.416,-0.411C0.416,-0.464 0.375,-0.489 0.341,-0.489C0.283,-0.489 0.236,-0.44 0.213,-0.374L0.186,-0.501L0.096,-0.441L0.096,-0.44L0.024,-0.392L0.096,-0.348L0.096,-0.07L0.024,-0Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,1674.92,1072.74)">
<path d="M0.024,-0L0.293,-0L0.216,-0.07L0.216,-0.509L0.155,-0.472L0.096,-0.436L0.024,-0.392L0.096,-0.355L0.096,-0.07L0.024,-0ZM0.086,-0.64C0.086,-0.598 0.12,-0.564 0.162,-0.564C0.203,-0.564 0.238,-0.598 0.238,-0.64C0.238,-0.681 0.203,-0.716 0.162,-0.716C0.12,-0.716 0.086,-0.681 0.086,-0.64Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,1875.76,1072.74)">
<path d="M0.572,-0.479L0.439,-0.479L0.438,-0.476L0.438,-0.479L0.342,-0.479L0.408,-0.408L0.296,-0.153L0.182,-0.422L0.251,-0.479L-0.049,-0.479L0.054,-0.401L0.258,0.043L0.278,-0.002L0.279,-0.001L0.461,-0.397L0.572,-0.479Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,2220.16,1072.74)">
<path d="M0.332,-0.341C0.333,-0.254 0.238,-0.243 0.166,-0.226C0.104,-0.211 0.045,-0.17 0.045,-0.1C0.045,-0.055 0.074,0.014 0.167,0.014C0.233,0.014 0.302,-0.023 0.333,-0.077L0.358,-0L0.522,-0L0.446,-0.079C0.446,-0.125 0.447,-0.279 0.447,-0.32C0.447,-0.454 0.355,-0.494 0.268,-0.494L0.252,-0.494C0.149,-0.494 0.061,-0.414 0.061,-0.355C0.061,-0.309 0.085,-0.274 0.129,-0.274C0.165,-0.274 0.198,-0.305 0.198,-0.344C0.198,-0.378 0.187,-0.403 0.144,-0.42C0.158,-0.44 0.205,-0.446 0.235,-0.446C0.285,-0.446 0.329,-0.409 0.333,-0.341L0.332,-0.341ZM0.215,-0.061C0.189,-0.061 0.164,-0.079 0.164,-0.109C0.164,-0.147 0.184,-0.17 0.238,-0.194C0.271,-0.207 0.308,-0.226 0.332,-0.257L0.33,-0.136C0.308,-0.083 0.251,-0.061 0.215,-0.061Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,2569.82,1072.74)">
<path d="M0.279,0.01C0.379,0.01 0.485,-0.072 0.485,-0.185C0.452,-0.119 0.382,-0.091 0.32,-0.091C0.223,-0.091 0.153,-0.158 0.153,-0.28C0.153,-0.376 0.215,-0.442 0.29,-0.442C0.35,-0.442 0.327,-0.385 0.327,-0.345C0.327,-0.295 0.361,-0.272 0.398,-0.272C0.444,-0.272 0.47,-0.309 0.47,-0.349C0.47,-0.43 0.395,-0.489 0.301,-0.489C0.149,-0.489 0.04,-0.384 0.04,-0.224C0.04,-0.091 0.135,0.01 0.279,0.01Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,2908.95,1072.74)">
<path d="M0.572,-0.479L0.439,-0.479L0.438,-0.477L0.438,-0.479L0.342,-0.479L0.407,-0.408L0.294,-0.154L0.175,-0.417L0.251,-0.479L-0.049,-0.479L0.054,-0.401L0.231,-0.014L0.207,0.04C0.194,0.062 0.169,0.122 0.127,0.122C0.095,0.122 0.056,0.102 0.066,0.028L-0.046,0.157C-0.02,0.21 0.019,0.237 0.086,0.237C0.169,0.237 0.217,0.159 0.254,0.071L0.463,-0.398L0.572,-0.479Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,3452.87,1072.74)">
<path d="M0.724,0.032L0.724,-0.262L0.831,-0.342L0.477,-0.342L0.574,-0.271L0.574,-0.182C0.571,-0.094 0.519,-0.048 0.422,-0.048C0.265,-0.048 0.207,-0.196 0.207,-0.368C0.207,-0.54 0.298,-0.665 0.43,-0.665C0.559,-0.665 0.621,-0.554 0.709,-0.418L0.709,-0.743L0.608,-0.664C0.554,-0.711 0.485,-0.734 0.435,-0.734C0.204,-0.734 0.05,-0.589 0.05,-0.337C0.05,-0.135 0.178,0.018 0.397,0.018C0.478,0.018 0.564,-0.003 0.625,-0.068L0.724,0.032ZM0.475,-0.342L0.477,-0.342L0.475,-0.344L0.475,-0.342Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,4009.96,1072.74)">
<path d="M0.505,-0.509L0.444,-0.471L0.444,-0.472L0.313,-0.392L0.385,-0.355L0.385,-0.138C0.379,-0.11 0.36,-0.063 0.293,-0.063C0.219,-0.063 0.201,-0.115 0.2,-0.199L0.201,-0.509L0.14,-0.471L0.14,-0.472L0.009,-0.392L0.08,-0.356L0.08,-0.163C0.08,-0.049 0.145,0.011 0.24,0.011C0.317,0.011 0.361,-0.02 0.392,-0.073L0.415,0.023L0.577,-0.058L0.505,-0.108L0.505,-0.509Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,4403.09,1072.74)">
<path d="M0.024,-0L0.293,-0L0.216,-0.07L0.216,-0.509L0.155,-0.472L0.096,-0.436L0.024,-0.392L0.096,-0.355L0.096,-0.07L0.024,-0ZM0.086,-0.64C0.086,-0.598 0.12,-0.564 0.162,-0.564C0.203,-0.564 0.238,-0.598 0.238,-0.64C0.238,-0.681 0.203,-0.716 0.162,-0.716C0.12,-0.716 0.086,-0.681 0.086,-0.64Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,4603.93,1072.74)">
<path d="M0.259,0.013C0.315,0.013 0.379,-0.01 0.413,-0.063L0.437,0.023L0.599,-0.058L0.527,-0.108L0.527,-0.75L0.491,-0.725L0.491,-0.726L0.335,-0.622L0.407,-0.587L0.407,-0.47C0.377,-0.482 0.346,-0.487 0.318,-0.487C0.154,-0.487 0.041,-0.363 0.041,-0.229C0.041,-0.063 0.152,0.013 0.259,0.013ZM0.326,-0.076C0.237,-0.076 0.165,-0.14 0.165,-0.275C0.165,-0.366 0.216,-0.437 0.297,-0.437C0.361,-0.437 0.4,-0.401 0.407,-0.325L0.407,-0.099C0.379,-0.078 0.346,-0.076 0.326,-0.076Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,5011.54,1072.74)">
<path d="M0.275,0.01C0.38,0.01 0.486,-0.071 0.486,-0.184C0.447,-0.121 0.389,-0.091 0.319,-0.091C0.22,-0.091 0.157,-0.158 0.153,-0.259L0.49,-0.259L0.49,-0.309L0.489,-0.309C0.479,-0.448 0.364,-0.489 0.281,-0.489C0.135,-0.489 0.04,-0.37 0.04,-0.23C0.04,-0.107 0.12,0.01 0.275,0.01ZM0.266,-0.442C0.329,-0.442 0.362,-0.388 0.362,-0.309L0.153,-0.309C0.154,-0.394 0.212,-0.442 0.266,-0.442Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,5353.97,1072.74)">
<path d="M0.218,-0.494C0.13,-0.494 0.054,-0.441 0.054,-0.343C0.054,-0.245 0.112,-0.205 0.206,-0.185C0.253,-0.175 0.322,-0.163 0.322,-0.106C0.322,-0.065 0.28,-0.045 0.247,-0.045C0.211,-0.045 0.184,-0.049 0.156,-0.07C0.111,-0.105 0.084,-0.156 0.052,-0.205L0.053,0.018L0.128,-0.019C0.156,-0.003 0.193,0.01 0.245,0.01C0.359,0.01 0.412,-0.077 0.412,-0.144C0.412,-0.258 0.345,-0.289 0.241,-0.315C0.181,-0.33 0.142,-0.349 0.142,-0.38C0.142,-0.419 0.177,-0.44 0.225,-0.44C0.252,-0.44 0.288,-0.428 0.311,-0.408C0.348,-0.379 0.373,-0.344 0.395,-0.304L0.394,-0.509L0.316,-0.466C0.29,-0.481 0.252,-0.494 0.218,-0.494Z" style="fill:white;fill-rule:nonzero;"/>
</g>
</g>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

1
docs/assets/img/layout/privacy-guides-logo-light.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

1
docs/assets/img/layout/privacy-guides-logo-notext-colorbg.svg
View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100%" height="100%" version="1.1" viewBox="0 0 33 34" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="M4.581,4.337c-0.113,0.379 -0.049,0.822 0.077,1.707l1.604,11.224c0.277,1.939 0.415,2.909 0.782,3.775c0.325,0.768 0.781,1.474 1.346,2.087c0.638,0.691 1.465,1.217 3.117,2.269l2.349,1.495c1.126,0.716 1.69,1.075 2.295,1.214c0.465,0.108 0.947,0.121 1.416,0.042c-0.388,-0.887 -0.603,-1.867 -0.603,-2.897c0,-3.996 3.24,-7.236 7.236,-7.236c1.166,0 2.268,0.276 3.243,0.766c0.069,-0.432 0.14,-0.929 0.223,-1.514l0,-0.001l1.604,-11.224c0.126,-0.885 0.19,-1.328 0.077,-1.707c-0.099,-0.334 -0.292,-0.632 -0.557,-0.859c-0.3,-0.257 -0.73,-0.38 -1.59,-0.626l-9.441,-2.697c-0.296,-0.085 -0.444,-0.127 -0.594,-0.144c-0.134,-0.015 -0.268,-0.015 -0.402,0c-0.15,0.017 -0.298,0.059 -0.594,0.144l-9.441,2.697c-0.86,0.246 -1.29,0.369 -1.59,0.626c-0.265,0.227 -0.458,0.525 -0.557,0.859Z" style="fill:#fff"/><path d="M13.246,2.719c0.066,-0.007 0.134,-0.007 0.201,0c0.057,0.007 0.122,0.022 0.446,0.114l9.44,2.698c0.444,0.126 0.727,0.208 0.94,0.287c0.202,0.075 0.274,0.124 0.311,0.156c0.132,0.113 0.229,0.262 0.278,0.429c0.014,0.047 0.03,0.133 0.016,0.348c-0.015,0.226 -0.056,0.518 -0.122,0.974l-1.346,9.426c-4.125,0.397 -7.351,3.873 -7.351,8.102c0,0.835 0.126,1.641 0.36,2.4l-0.451,0.286c-1.183,0.753 -1.594,1.001 -2.012,1.097c-0.401,0.092 -0.818,0.092 -1.22,0c-0.417,-0.096 -0.829,-0.344 -2.012,-1.097l-2.349,-1.494c-1.693,-1.078 -2.398,-1.535 -2.938,-2.12c-0.495,-0.536 -0.894,-1.153 -1.178,-1.825c-0.31,-0.733 -0.436,-1.564 -0.72,-3.551l-1.603,-11.224c-0.066,-0.456 -0.107,-0.748 -0.121,-0.974c-0.015,-0.215 0.001,-0.301 0.015,-0.348c0.05,-0.167 0.146,-0.316 0.279,-0.429c0.036,-0.032 0.109,-0.081 0.31,-0.156c0.213,-0.079 0.496,-0.161 0.94,-0.287l9.44,-2.698c0.324,-0.092 0.389,-0.107 0.447,-0.114Zm13.306,5.231l-1.318,9.228c4.007,0.508 7.106,3.93 7.106,8.075c0,4.496 -3.644,8.141 -8.14,8.141c-3.01,0 -5.639,-1.634 -7.048,-4.064l-0.212,0.136l-0.135,0.085c-0.996,0.634 -1.683,1.072 -2.443,1.248c-0.668,0.154 -1.364,0.154 -2.032,0c-0.76,-0.176 -1.447,-0.614 -2.443,-1.248l-0.134,-0.085l-2.466,-1.57l0,0c-1.541,-0.98 -2.461,-1.565 -3.179,-2.344c-0.637,-0.689 -1.149,-1.483 -1.515,-2.347c-0.413,-0.976 -0.567,-2.054 -0.825,-3.863l-1.628,-11.392c-0.059,-0.416 -0.111,-0.778 -0.131,-1.081c-0.021,-0.323 -0.012,-0.648 0.087,-0.98c0.148,-0.501 0.439,-0.949 0.835,-1.289c0.264,-0.226 0.557,-0.366 0.86,-0.478c0.285,-0.106 0.636,-0.206 1.04,-0.322l0.031,-0.009l9.44,-2.697l0.05,-0.014c0.247,-0.071 0.465,-0.133 0.693,-0.159c0.2,-0.022 0.402,-0.022 0.603,0c0.227,0.026 0.445,0.088 0.692,0.159l0.05,0.014l9.471,2.706c0.404,0.116 0.755,0.216 1.04,0.322c0.304,0.112 0.596,0.252 0.86,0.478c0.397,0.34 0.687,0.788 0.835,1.289c0.099,0.332 0.108,0.657 0.087,0.98c-0.02,0.303 -0.072,0.665 -0.131,1.08l0,0.001Zm-2.352,10.972c-3.497,0 -6.332,2.835 -6.332,6.331c0,3.497 2.835,6.332 6.332,6.332c3.497,0 6.331,-2.835 6.331,-6.332c0,-3.496 -2.834,-6.331 -6.331,-6.331Zm4.313,4.197c0.319,-0.384 0.268,-0.954 -0.116,-1.274c-0.384,-0.32 -0.954,-0.268 -1.274,0.116l-3.888,4.666l-2.013,-2.013c-0.354,-0.353 -0.926,-0.353 -1.28,0c-0.353,0.353 -0.353,0.926 0,1.279l2.714,2.713c0.18,0.18 0.427,0.276 0.68,0.264c0.254,-0.011 0.492,-0.129 0.654,-0.324l4.523,-5.427Zm-19.689,-10.529c0,-2.497 2.024,-4.522 4.522,-4.522c2.498,0 4.522,2.025 4.522,4.522c0,1.48 -0.71,2.794 -1.809,3.619l0,3.617c0,1.499 -1.214,2.714 -2.713,2.714c-1.499,0 -2.713,-1.215 -2.713,-2.714l0,-3.617c-1.099,-0.825 -1.809,-2.139 -1.809,-3.619Zm5.426,4.523l-1.808,0l0,2.713c0,0.5 0.405,0.905 0.904,0.905c0.5,0 0.904,-0.405 0.904,-0.905l0,-2.713Zm-0.904,-1.809c1.499,0 2.713,-1.215 2.713,-2.714c0,-1.498 -1.214,-2.713 -2.713,-2.713c-1.499,0 -2.713,1.215 -2.713,2.713c0,1.499 1.214,2.714 2.713,2.714Z" style="fill:#28323f"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 3.8 KiB

1
docs/assets/img/layout/privacy-guides-logo-notext.svg
View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100%" height="100%" version="1.1" viewBox="0 0 33 34" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="M4.581,4.337c-0.113,0.379 -0.049,0.822 0.077,1.707l1.604,11.224c0.277,1.939 0.415,2.909 0.782,3.775c0.325,0.768 0.781,1.474 1.346,2.087c0.638,0.691 1.465,1.217 3.117,2.269l2.349,1.495c1.126,0.716 1.69,1.075 2.295,1.214c0.465,0.108 0.947,0.121 1.416,0.042c-0.388,-0.887 -0.603,-1.867 -0.603,-2.897c0,-3.996 3.24,-7.236 7.236,-7.236c1.166,0 2.268,0.276 3.243,0.766c0.069,-0.432 0.14,-0.929 0.223,-1.514l0,-0.001l1.604,-11.224c0.126,-0.885 0.19,-1.328 0.077,-1.707c-0.099,-0.334 -0.292,-0.632 -0.557,-0.859c-0.3,-0.257 -0.73,-0.38 -1.59,-0.626l-9.441,-2.697c-0.296,-0.085 -0.444,-0.127 -0.594,-0.144c-0.134,-0.015 -0.268,-0.015 -0.402,0c-0.15,0.017 -0.298,0.059 -0.594,0.144l-9.441,2.697c-0.86,0.246 -1.29,0.369 -1.59,0.626c-0.265,0.227 -0.458,0.525 -0.557,0.859Z" style="fill:#ffd06f"/><path d="M13.246,2.719c0.066,-0.007 0.134,-0.007 0.201,0c0.057,0.007 0.122,0.022 0.446,0.114l9.44,2.698c0.444,0.126 0.727,0.208 0.94,0.287c0.202,0.075 0.274,0.124 0.311,0.156c0.132,0.113 0.229,0.262 0.278,0.429c0.014,0.047 0.03,0.133 0.016,0.348c-0.015,0.226 -0.056,0.518 -0.122,0.974l-1.346,9.426c-4.125,0.397 -7.351,3.873 -7.351,8.102c0,0.835 0.126,1.641 0.36,2.4l-0.451,0.286c-1.183,0.753 -1.594,1.001 -2.012,1.097c-0.401,0.092 -0.818,0.092 -1.22,0c-0.417,-0.096 -0.829,-0.344 -2.012,-1.097l-2.349,-1.494c-1.693,-1.078 -2.398,-1.535 -2.938,-2.12c-0.495,-0.536 -0.894,-1.153 -1.178,-1.825c-0.31,-0.733 -0.436,-1.564 -0.72,-3.551l-1.603,-11.224c-0.066,-0.456 -0.107,-0.748 -0.121,-0.974c-0.015,-0.215 0.001,-0.301 0.015,-0.348c0.05,-0.167 0.146,-0.316 0.279,-0.429c0.036,-0.032 0.109,-0.081 0.31,-0.156c0.213,-0.079 0.496,-0.161 0.94,-0.287l9.44,-2.698c0.324,-0.092 0.389,-0.107 0.447,-0.114Zm13.306,5.231l-1.318,9.228c4.007,0.508 7.106,3.93 7.106,8.075c0,4.496 -3.644,8.141 -8.14,8.141c-3.01,0 -5.639,-1.634 -7.048,-4.064l-0.212,0.136l-0.135,0.085c-0.996,0.634 -1.683,1.072 -2.443,1.248c-0.668,0.154 -1.364,0.154 -2.032,0c-0.76,-0.176 -1.447,-0.614 -2.443,-1.248l-0.134,-0.085l-2.466,-1.57l0,0c-1.541,-0.98 -2.461,-1.565 -3.179,-2.344c-0.637,-0.689 -1.149,-1.483 -1.515,-2.347c-0.413,-0.976 -0.567,-2.054 -0.825,-3.863l-1.628,-11.392c-0.059,-0.416 -0.111,-0.778 -0.131,-1.081c-0.021,-0.323 -0.012,-0.648 0.087,-0.98c0.148,-0.501 0.439,-0.949 0.835,-1.289c0.264,-0.226 0.557,-0.366 0.86,-0.478c0.285,-0.106 0.636,-0.206 1.04,-0.322l0.031,-0.009l9.44,-2.697l0.05,-0.014c0.247,-0.071 0.465,-0.133 0.693,-0.159c0.2,-0.022 0.402,-0.022 0.603,0c0.227,0.026 0.445,0.088 0.692,0.159l0.05,0.014l9.471,2.706c0.404,0.116 0.755,0.216 1.04,0.322c0.304,0.112 0.596,0.252 0.86,0.478c0.397,0.34 0.687,0.788 0.835,1.289c0.099,0.332 0.108,0.657 0.087,0.98c-0.02,0.303 -0.072,0.665 -0.131,1.08l0,0.001Zm-2.352,10.972c-3.497,0 -6.332,2.835 -6.332,6.331c0,3.497 2.835,6.332 6.332,6.332c3.497,0 6.331,-2.835 6.331,-6.332c0,-3.496 -2.834,-6.331 -6.331,-6.331Zm4.313,4.197c0.319,-0.384 0.268,-0.954 -0.116,-1.274c-0.384,-0.32 -0.954,-0.268 -1.274,0.116l-3.888,4.666l-2.013,-2.013c-0.354,-0.353 -0.926,-0.353 -1.28,0c-0.353,0.353 -0.353,0.926 0,1.279l2.714,2.713c0.18,0.18 0.427,0.276 0.68,0.264c0.254,-0.011 0.492,-0.129 0.654,-0.324l4.523,-5.427Zm-19.689,-10.529c0,-2.497 2.024,-4.522 4.522,-4.522c2.498,0 4.522,2.025 4.522,4.522c0,1.48 -0.71,2.794 -1.809,3.619l0,3.617c0,1.499 -1.214,2.714 -2.713,2.714c-1.499,0 -2.713,-1.215 -2.713,-2.714l0,-3.617c-1.099,-0.825 -1.809,-2.139 -1.809,-3.619Zm5.426,4.523l-1.808,0l0,2.713c0,0.5 0.405,0.905 0.904,0.905c0.5,0 0.904,-0.405 0.904,-0.905l0,-2.713Zm-0.904,-1.809c1.499,0 2.713,-1.215 2.713,-2.714c0,-1.498 -1.214,-2.713 -2.713,-2.713c-1.499,0 -2.713,1.215 -2.713,2.713c0,1.499 1.214,2.714 2.713,2.714Z" style="fill:#28323f"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 3.8 KiB

BIN
docs/assets/img/layout/privacy-guides-logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 18 KiB

1
docs/assets/img/layout/privacy-guides-logo.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

1
docs/assets/img/layout/safari-pinned-tab.svg
View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" width="1333.333" height="1333.333" preserveAspectRatio="xMidYMid meet" version="1.0" viewBox="0 0 1000 1000"><metadata>Created by potrace 1.11, written by Peter Selinger 2001-2013</metadata><g fill="#000" stroke="none"><path d="M4514 8518 c-59 -6 -1852 -510 -2454 -689 -284 -85 -405 -176 -496 -373 -43 -95 -58 -186 -50 -305 6 -99 414 -2975 461 -3251 49 -291 95 -444 191 -630 158 -310 334 -501 684 -742 159 -109 1087 -697 1199 -760 205 -113 334 -150 531 -151 246 -1 385 50 722 261 81 51 150 92 155 92 4 0 30 -34 57 -76 69 -108 151 -207 258 -313 516 -509 1272 -671 1959 -421 258 94 471 231 675 434 360 361 545 803 547 1311 1 174 -10 286 -44 435 -163 721 -756 1286 -1489 1419 -90 17 -95 19 -93 42 1 13 75 533 164 1154 180 1259 185 1306 140 1435 -33 94 -76 164 -148 241 -76 80 -166 130 -328 182 -300 95 -2441 699 -2502 705 -37 4 -100 4 -139 0z m1248 -737 c1456 -416 1379 -392 1424 -443 46 -50 57 -87 51 -170 -6 -67 -318 -2288 -333 -2359 -5 -25 -10 -27 -95 -39 -595 -81 -1143 -483 -1409 -1034 -193 -400 -241 -860 -134 -1275 14 -52 21 -97 17 -101 -18 -17 -340 -215 -406 -250 -115 -61 -168 -75 -287 -75 -198 0 -199 0 -975 495 -620 395 -730 473 -853 605 -87 93 -150 181 -213 300 -87 165 -125 294 -173 590 -57 359 -438 3057 -443 3140 -5 72 -2 97 10 122 33 62 71 89 178 123 204 65 2435 699 2461 700 15 0 546 -148 1180 -329z m1548 -3426 c394 -59 762 -294 985 -630 151 -228 230 -471 242 -747 18 -401 -123 -774 -400 -1065 -393 -411 -978 -556 -1514 -377 -527 176 -905 632 -984 1185 -15 110 -6 387 16 489 84 384 307 712 630 925 301 198 658 275 1025 220z" transform="translate(0.000000,1000.000000) scale(0.100000,-0.100000)"/><path d="M4495 6869 c-350 -26 -671 -241 -835 -560 -212 -413 -131 -896 207 -1225 l93 -91 0 -450 c0 -415 2 -456 20 -527 51 -202 201 -369 392 -436 138 -48 277 -49 415 -1 183 63 328 210 391 396 l27 80 3 474 3 473 32 26 c178 144 318 379 363 611 17 91 19 270 4 367 -33 206 -135 403 -292 561 -215 219 -505 324 -823 302z m281 -443 c189 -60 338 -209 401 -400 23 -69 27 -98 26 -196 0 -129 -22 -212 -85 -318 -152 -258 -488 -370 -769 -256 -410 167 -520 702 -208 1015 170 171 404 228 635 155z m14 -1970 l0 -334 -28 -53 c-22 -43 -38 -59 -82 -82 -48 -25 -63 -28 -114 -24 -73 7 -130 43 -163 106 -23 44 -23 48 -23 383 l0 338 205 0 205 0 0 -334z" transform="translate(0.000000,1000.000000) scale(0.100000,-0.100000)"/><path d="M7835 3732 c-55 -27 -68 -42 -525 -592 -221 -267 -413 -496 -426 -510 l-24 -24 -247 245 c-271 269 -279 275 -383 267 -127 -9 -208 -121 -180 -248 12 -55 15 -58 354 -398 192 -194 358 -352 380 -364 78 -40 180 -22 244 45 75 79 1063 1273 1077 1303 8 18 15 59 15 92 0 51 -5 67 -32 108 -57 83 -168 116 -253 76z" transform="translate(0.000000,1000.000000) scale(0.100000,-0.100000)"/></g></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 2.7 KiB

BIN
docs/assets/img/metadata-removal/exiftool.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.8 KiB

After

Width:  |  Height:  |  Size: 675 B

BIN
docs/assets/img/news-aggregators/feeder.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

2
docs/assets/img/search-engines/brave-search.svg Normal file
View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="a" x1="31.064" x2="45.126" y1="56.825" y2="56.825" gradientTransform="scale(1.0331 .96797)" gradientUnits="userSpaceOnUse"><stop stop-color="#FFF" offset="0"/><stop stop-color="#F4F4F4" offset="1"/></linearGradient></defs><g transform="matrix(.43756 0 0 .43756 1.2096 2.8221)" fill="none" fill-rule="evenodd"><circle cx="32.25" cy="32.25" r="32.25" stroke="#a4a7ad" stroke-width="5.529"/><circle cx="69.106" cy="61.735" r="5.529" fill="#a4a7ad" fill-rule="nonzero"/><path d="m52.142 26.87-1.448-3.855 1.006-2.215a0.747 0.747 0 0 0-0.157-0.84l-2.736-2.715a4.483 4.483 0 0 0-4.591-1.047l-0.765 0.26-3.997-4.48h-14.697l-3.945 4.534-0.744-0.257a4.494 4.494 0 0 0-4.635 1.058l-2.785 2.765a0.592 0.592 0 0 0-0.124 0.67l1.051 2.298-1.44 3.853 0.932 3.474 4.247 15.832a8.055 8.055 0 0 0 3.182 4.519s5.156 3.566 10.244 6.804c0.448 0.285 0.916 0.494 1.418 0.486 0.502 7e-3 0.97-0.201 1.416-0.487a377.05 377.05 0 0 0 10.236-6.817 8.07 8.07 0 0 0 3.177-4.523l4.227-15.84 0.928-3.478z" fill="#fb542b"/><path d="m47.622 27.635-0.066 0.206-0.105 0.37c-0.424 0.502-0.864 0.991-1.319 1.466l-4.082 4.255c-0.444 0.462-0.695 1.043-0.442 1.627l0.551 1.331c0.253 0.584 0.278 1.551 0.035 2.2a3.922 3.922 0 0 1-1.227 1.689l-0.426 0.34c-0.503 0.402-1.393 0.507-1.979 0.234l-1.88-0.874a9.75 9.75 0 0 1-1.941-1.268l-1.779-1.568a0.798 0.798 0 0 1-0.044-1.162l4.333-2.865c0.537-0.355 0.821-1.012 0.516-1.573l-1.54-2.747c-0.306-0.56-0.428-1.305-0.272-1.655s0.78-0.82 1.387-1.045l5.029-1.832c0.606-0.225 0.574-0.457-0.072-0.517l-3.213-0.234c-0.646-0.06-1.12 0.032-1.744 0.203l-2.432 0.59c-0.625 0.171-0.757 0.822-0.64 1.446l1.004 5.334c0.117 0.624 0.175 1.253 0.128 1.398-0.047 0.144-0.603 0.377-1.236 0.518l-0.831 0.184c-0.633 0.141-1.669 0.147-2.303 0.015l-1.006-0.21c-0.635-0.132-1.192-0.359-1.239-0.503-0.048-0.144 9e-3 -0.774 0.127-1.398l0.997-5.335c0.117-0.624-0.016-1.275-0.641-1.445l-2.433-0.587c-0.624-0.17-1.098-0.26-1.744-0.201l-3.213 0.237c-0.646 0.06-0.678 0.292-0.071 0.517l5.031 1.826c0.607 0.224 1.231 0.694 1.388 1.044s0.035 1.094-0.269 1.654l-1.538 2.749c-0.304 0.56-0.019 1.217 0.519 1.572l4.336 2.861a0.799 0.799 0 0 1-0.042 1.162l-1.778 1.57c-0.594 0.5-1.245 0.926-1.94 1.27l-1.878 0.877c-0.586 0.273-1.476 0.169-1.979-0.231l-0.426-0.34a3.98 3.98 0 0 1-1.25-1.741c-0.223-0.596-0.2-1.562 0.052-2.147l0.55-1.331c0.252-0.585 1e-3 -1.165-0.444-1.627l-4.087-4.25a31.971 31.971 0 0 1-1.32-1.464l-0.106-0.37-0.066-0.207c-7e-3 -0.238 0.08-0.995 0.179-1.2 0.098-0.204 0.476-0.802 0.839-1.328l0.874-1.268c0.364-0.526 0.991-1.362 1.395-1.86l1.282-1.574c0.404-0.496 0.749-0.9 0.801-0.897 2e-3 -3e-3 0.525 0.093 1.162 0.212l1.942 0.365c0.636 0.12 1.339 0.251 1.561 0.292 0.221 0.041 0.908-0.085 1.525-0.281l1.396-0.443c0.687-0.216 1.38-0.407 2.08-0.575l0.489 7e-3 0.488-7e-3c0.7 0.166 1.393 0.357 2.08 0.571l1.398 0.442c0.617 0.195 1.303 0.321 1.525 0.28l1.288-0.243 0.272-0.052 1.942-0.367c0.636-0.12 1.159-0.216 1.197-0.213 0.017-3e-3 0.361 0.4 0.766 0.897l1.284 1.572c0.486 0.604 0.952 1.224 1.398 1.858l0.876 1.266c0.363 0.526 0.931 1.482 0.967 1.7 0.036 0.217 0.06 0.59 0.054 0.827zm-15.271 12.696c0.057 0 0.594 0.198 1.193 0.441l0.556 0.226c0.599 0.243 1.563 0.677 2.141 0.964l1.64 0.816c0.578 0.287 0.62 0.825 0.092 1.195l-1.399 0.98c-0.633 0.45-1.247 0.926-1.842 1.426l-0.465 0.397-1.3 1.111c-0.484 0.415-1.269 0.416-1.744 6e-3 -0.58-0.502-1.163-1.001-1.749-1.497a28.88 28.88 0 0 0-1.847-1.414l-1.394-0.964c-0.53-0.367-0.493-0.907 0.082-1.2l1.649-0.841c0.7-0.351 1.412-0.677 2.135-0.977l0.556-0.226c0.598-0.243 1.135-0.443 1.192-0.443z" fill="url(#a)"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.6 KiB

1
docs/assets/img/search-engines/mini/mojeek.svg
View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" viewBox="0 0 918.886 564.459"><defs><path id="a" d="M897.19 484.072h841.89v595.276H897.19z"/></defs><clipPath id="b"><use xlink:href="#a" overflow="visible"/></clipPath><path fill="#7AB93C" d="M1209.006 794.563c-2.889 0-4.492-1.925-4.492-6.257 0-4.331 2.672-22.802 3.703-31.273 1.916-15.733-7.154-27.134-20.309-27.134-10.424 0-18.377 4.122-24.612 10.76-4.231-6.398-8.983-10.76-18.229-10.76-9.004 0-14.588 3.299-20.086 8.586-2.955-5.809-8.225-8.586-16.104-8.586-6.538 0-15.322 3.279-20.597 6.525l5.875 13.299c4.002-2.227 7.281-3.91 10.101-3.91 3.087 0 4.921 2.226 4.409 6.881-.494 4.493-5.94 55.987-5.94 55.987h17.724s3.479-33.052 4.705-42.995c1.437-11.653 7.08-19.031 15.121-19.031 7.06 0 9.463 5.555 8.957 12.05-.441 5.656-5.588 49.977-5.588 49.977h17.823s3.935-36.743 5.163-45.849c1.598-11.826 9.227-16.178 14.012-16.178 7.868 0 10.262 6.438 9.524 12.535-.599 4.967-2.729 22.455-3.38 31.531-.801 11.222 4.492 19.564 14.52 19.564 6.578 0 13.15-1.875 17.836-4.553l-3.84-13.156c-2.229.965-4.343 1.987-6.296 1.987M1298.631 803.519c-.667 6.565-2.793 9.854-7.759 9.854-2.435 0-5.452-1.002-8.189-2.125l-6.618 15.23c3.631 2.23 11.992 4.011 17.287 4.011 17.166 0 21.497-13.064 23.424-30.712 1.282-12.513 6.981-68.905 6.981-68.905l-18.138 5.145c.001-.001-5.884 56.626-6.988 67.502M1318.053 695.017c-6.881 0-11.783 5.764-12.221 11.856-.439 6.096 3.634 11.858 10.515 11.858 6.278 0 11.783-5.763 12.222-11.858.438-6.092-4.237-11.856-10.516-11.856M1365.962 794.563c-8.629 0-13.677-6.34-15.25-15.156 28.4 1.965 44.107-9.805 44.107-27.117 0-13.957-12.875-22.22-24.546-22.22-22.621 0-38.452 18.69-38.452 43.478 0 22.019 11.6 36.737 31.609 36.737 12.738 0 23.287-5.774 31.497-16.215l-9.434-10.597c-5.81 5.761-11.61 11.09-19.531 11.09m3.83-49.26c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.135-26.628 14.498 2.215-11.558 10.402-21.732 19.027-21.732M1436.418 794.563c-8.629 0-13.677-6.34-15.25-15.156 28.4 1.965 44.107-9.805 44.107-27.117 0-13.957-12.874-22.22-24.547-22.22-22.619 0-38.451 18.69-38.451 43.478 0 22.019 11.601 36.737 31.609 36.737 12.738 0 23.287-5.774 31.498-16.215l-9.435-10.597c-5.81 5.761-11.61 11.09-19.531 11.09m3.831-49.26c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.135-26.627 14.498 2.213-11.558 10.4-21.732 19.026-21.732M1537.646 793.276c-2.09.823-3.927 1.287-6.076 1.287-6.146 0-8.866-5.145-11.388-11.149-1.963-4.677-5.573-14.448-8.574-22.942l27.906-28.797h-21.549c-4.902 4.803-17.541 17.477-23.986 23.947l5.877-57.879-17.893 5.144s-9.643 94.489-10.747 105.366h17.409c.37-3.607 1.461-14.322 2.824-27.738l6.751-7.013c2.084 5.337 4.375 11.784 5.904 15.651 5.209 13.172 10.729 21.133 22.744 21.133 4.685 0 10.344-1.401 14.664-3.596l-3.866-13.414zM1290.075 766.729c0-18.651-11.357-36.642-32.453-36.642-21.782 0-37.321 19.022-37.321 43.539 0 23.661 12.694 36.659 31.625 36.659 24.587.001 38.149-21.389 38.149-43.556m-37.379 27.725c-7.588 0-13.461-6.568-13.461-19.704 0-17.086 8.158-28.957 18.387-28.957 9.465 0 13.393 11.371 13.393 21.979-.001 16.283-9.063 26.682-18.319 26.682" clip-path="url(#b)"/><path fill="#7AB93C" d="M847.721 454.06c-20.283 0-31.543-13.517-31.543-43.936 0-30.411 18.762-160.11 26.003-219.596C855.635 80.055 791.945 0 699.579 0 626.385 0 570.54 28.944 526.755 75.553 497.043 30.628 463.676 0 398.751 0c-63.22 0-102.43 23.165-141.037 60.289C236.966 19.505 199.96 0 144.629 0 98.72 0 37.039 23.023 0 45.816l41.259 93.382c28.094-15.63 51.128-27.453 70.921-27.453 21.677 0 34.554 15.628 30.961 48.316-3.469 31.55-41.713 393.131-41.713 393.131h124.455s24.423-232.082 33.032-301.903c10.09-81.827 49.715-133.634 106.184-133.634 49.567 0 66.443 39.001 62.891 84.613-3.1 39.716-39.237 350.924-39.237 350.924h125.152s27.627-258.003 36.253-321.939c11.219-83.044 64.788-113.598 98.388-113.598 55.249 0 72.057 45.201 66.879 88.02-4.203 34.876-19.166 157.676-23.732 221.407-5.624 78.796 31.542 137.377 101.954 137.377 46.188 0 92.339-13.165 125.239-31.969l-26.963-92.379c-15.647 6.769-30.487 13.949-44.202 13.949"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 4.0 KiB

3
docs/assets/img/search-engines/mini/startpage-dark.svg
View File

@ -1,2 +1 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.19188 0 0 .19188 1.8154 -.041429)"><path d="m0 66c9.1-1.689 18.762-2.603 28-3 1.3-6.296 2.83-12.681 6.637-18 12.41-17.336 35.46-21.755 52.348-8.18 4.758 3.824 8.195 8.636 10.702 14.18 1.25 2.766 1.778 7.917 4.743 9.397 2.391 1.193 5.985 0.603 8.57 0.603h18c-0.765-9.68-3.251-18.41-7.746-27-3.625-6.928-8.506-12.621-14.254-17.907-27.108-24.928-71.206-19.409-93.482 8.907-9.2 11.694-13.516 26.28-13.518 41z" fill="#6573ff"/><path d="m31 78-28 4c4.827 28.032 34.279 46.374 61 46.985 6.392 0.147 12.879-0.875 19-2.706 3.615-1.082 7.401-3.328 10.91-0.857 4.873 3.431 8.736 9.974 12.479 14.578 8.384 10.313 16.507 21.03 25.415 30.895 5.86 6.49 16.56 8.54 22.624 0.997 6.851-8.522 1.213-16.864-4.429-23.892-7.829-9.752-15.941-19.274-23.802-29-2.905-3.594-8.756-8.367-9.754-13-0.773-3.585 3.251-7.965 4.8-11 3.582-7.016 6.129-14.106 6.757-22h-18c-2.679 0-6.219-0.551-8.722 0.603-2.735 1.262-3.591 4.968-4.958 7.397-2.422 4.304-5.475 8.37-9.335 11.482-19.184 15.47-45.75 7.058-55.985-14.482z" fill="#e5e8ff"/></g></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109 122"><g fill="none" fill-rule="nonzero"><path fill="#6573FF" d="M19.61 43.202c.468-12.964 10.896-23.35 23.862-23.767 12.966-.417 24.04 9.28 25.338 22.187 6.56.067 13.113.247 19.66.54C87.332 18.182 67.285-.518 43.284.011 19.284.54.08 20.106 0 44.112v.89a577.397 577.397 0 0 1 19.61-1.8Z"/><path fill="#E5E8FF" d="m78.68 71.932.2-.25a43.63 43.63 0 0 0 9.27-21.83c-6.667-.04-13.333.037-20 .23a24.68 24.68 0 0 1-46.8 3.29c-6.6.74-13.193 1.594-19.78 2.56 5.337 19.169 22.792 32.433 42.69 32.44A43.8 43.8 0 0 0 63 84.202l.28-.13.2.24 27.52 33.3a9.76 9.76 0 0 0 7.55 3.55 9.88 9.88 0 0 0 6.24-2.24c4.159-3.453 4.74-9.62 1.3-13.79l-27.41-33.2Z"/></g></svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 705 B

3
docs/assets/img/search-engines/mini/startpage.svg
View File

@ -1,2 +1 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.19188 0 0 .19188 1.8154 -.041429)"><path d="m0 66c9.1-1.689 18.762-2.603 28-3 1.3-6.296 2.83-12.681 6.637-18 12.41-17.336 35.46-21.755 52.348-8.18 4.758 3.824 8.195 8.636 10.702 14.18 1.25 2.766 1.778 7.917 4.743 9.397 2.391 1.193 5.985 0.603 8.57 0.603h18c-0.765-9.68-3.251-18.41-7.746-27-3.625-6.928-8.506-12.621-14.254-17.907-27.108-24.928-71.206-19.409-93.482 8.907-9.2 11.694-13.516 26.28-13.518 41z" fill="#6573ff"/><path d="m31 78-28 4c4.827 28.032 34.279 46.374 61 46.985 6.392 0.147 12.879-0.875 19-2.706 3.615-1.082 7.401-3.328 10.91-0.857 4.873 3.431 8.736 9.974 12.479 14.578 8.384 10.313 16.507 21.03 25.415 30.895 5.86 6.49 16.56 8.54 22.624 0.997 6.851-8.522 1.213-16.864-4.429-23.892-7.829-9.752-15.941-19.274-23.802-29-2.905-3.594-8.756-8.367-9.754-13-0.773-3.585 3.251-7.965 4.8-11 3.582-7.016 6.129-14.106 6.757-22h-18c-2.679 0-6.219-0.551-8.722 0.603-2.735 1.262-3.591 4.968-4.958 7.397-2.422 4.304-5.475 8.37-9.335 11.482-19.184 15.47-45.75 7.058-55.985-14.482z" fill="#202945"/></g></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109 122"><g fill="none" fill-rule="nonzero"><path fill="#6573FF" d="M19.61 43.202c.468-12.964 10.896-23.35 23.862-23.767 12.966-.417 24.04 9.28 25.338 22.187 6.56.067 13.113.247 19.66.54C87.332 18.182 67.285-.518 43.284.011 19.284.54.08 20.106 0 44.112v.89a577.397 577.397 0 0 1 19.61-1.8Z"/><path fill="#212649" d="m78.68 71.932.2-.25a43.63 43.63 0 0 0 9.27-21.83c-6.667-.04-13.333.037-20 .23a24.68 24.68 0 0 1-46.8 3.29c-6.6.74-13.193 1.594-19.78 2.56 5.337 19.169 22.792 32.433 42.69 32.44A43.8 43.8 0 0 0 63 84.202l.28-.13.2.24 27.52 33.3a9.76 9.76 0 0 0 7.55 3.55 9.88 9.88 0 0 0 6.24-2.24c4.159-3.453 4.74-9.62 1.3-13.79l-27.41-33.2Z"/></g></svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 705 B

2
docs/assets/img/search-engines/mojeek.svg
View File

@ -1,2 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.22417 0 0 .22417 -9.1709e-7 1.6305)" style="clip-rule:evenodd;fill-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="m120.73 100.08c-2.888 0-4.492-1.924-4.492-6.256 0-4.331 2.672-22.802 3.703-31.273 1.916-15.733-7.154-27.134-20.31-27.134-10.422 0-18.375 4.121-24.612 10.759-4.231-6.397-8.984-10.759-18.229-10.759-9.004 0-14.587 3.299-20.085 8.585-2.956-5.807-8.226-8.585-16.105-8.585-6.539 0-15.323 3.279-20.597 6.524l5.875 13.299c4.001-2.226 7.282-3.91 10.101-3.91 3.087 0 4.921 2.226 4.408 6.882-0.494 4.492-5.939 55.986-5.939 55.986h17.724s3.478-33.052 4.704-42.995c1.436-11.653 7.08-19.031 15.122-19.031 7.058 0 9.463 5.555 8.956 12.05-0.442 5.657-5.588 49.976-5.588 49.976h17.824s3.933-36.742 5.163-45.848c1.596-11.826 9.225-16.178 14.011-16.178 7.869 0 10.262 6.437 9.525 12.536-0.599 4.967-2.731 22.454-3.38 31.531-0.801 11.221 4.493 19.564 14.52 19.564 6.578 0 13.15-1.875 17.836-4.553l-3.84-13.156c-2.229 0.964-4.342 1.986-6.295 1.986z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m210.35 109.03c-0.667 6.566-2.793 9.854-7.759 9.854-2.434 0-5.452-1.002-8.189-2.125l-6.618 15.23c3.631 2.231 11.992 4.011 17.287 4.011 17.166 0 21.497-13.065 23.423-30.712 1.283-12.512 6.982-68.905 6.982-68.905l-18.138 5.145s-5.883 56.626-6.988 67.502z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m229.77 0.53c-6.881 0-11.783 5.763-12.221 11.857-0.439 6.094 3.634 11.858 10.515 11.858 6.278 0 11.783-5.764 12.222-11.858 0.438-6.094-4.238-11.857-10.516-11.857z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m281.51 50.816c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.136-26.628 14.499 2.216-11.56 10.401-21.733 19.027-21.733zm-3.83 49.259c-8.629 0-13.677-6.339-15.25-15.155 28.4 1.965 44.108-9.806 44.108-27.118 0-13.957-12.875-22.22-24.546-22.22-22.621 0-38.453 18.691-38.453 43.477 0 22.019 11.6 36.739 31.61 36.739 12.738 0 23.287-5.776 31.497-16.216l-9.434-10.596c-5.811 5.76-11.611 11.089-19.532 11.089z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m351.97 50.816c4.974 0 7.601 3.216 7.601 7.234 0 10.586-13.015 15.136-26.627 14.499 2.215-11.56 10.4-21.733 19.026-21.733zm-3.83 49.259c-8.629 0-13.677-6.339-15.25-15.155 28.401 1.965 44.108-9.806 44.108-27.118 0-13.957-12.874-22.22-24.546-22.22-22.62 0-38.452 18.691-38.452 43.477 0 22.019 11.6 36.739 31.609 36.739 12.738 0 23.287-5.776 31.498-16.216l-9.435-10.596c-5.811 5.76-11.611 11.089-19.532 11.089z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m449.37 98.788c-2.09 0.824-3.927 1.287-6.076 1.287-6.147 0-8.867-5.144-11.388-11.149-1.963-4.676-5.573-14.448-8.574-22.942l27.906-28.797h-21.549c-4.902 4.803-17.541 17.476-23.986 23.947 2.904-28.595 5.877-57.878 5.877-57.878l-17.893 5.144s-9.642 94.487-10.747 105.36h17.409c0.37-3.607 1.461-14.32 2.824-27.736l6.751-7.014c2.084 5.338 4.375 11.784 5.905 15.651 5.209 13.172 10.729 21.133 22.744 21.133 4.684 0 10.344-1.401 14.664-3.596z" style="fill-rule:nonzero;fill:#79ba3a"/><path d="m164.42 99.966c-7.589 0-13.461-6.568-13.461-19.704 0-17.086 8.158-28.957 18.386-28.957 9.465 0 13.393 11.371 13.393 21.979 0 16.284-9.062 26.682-18.318 26.682zm37.379-27.725c0-18.651-11.358-36.641-32.454-36.641-21.782 0-37.322 19.023-37.322 43.539 0 23.661 12.695 36.659 31.626 36.659 24.588 0 38.15-21.389 38.15-43.557z" style="fill-rule:nonzero;fill:#79ba3a"/></g></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 3.4 KiB

1
docs/assets/img/video-streaming/librarian-dark.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 443 301"><g fill="none" fill-rule="evenodd" transform="translate(7 8)"><path stroke="#FFF" stroke-width="13.479" d="m46.85 153.335 147.023 71.613 200.843-128.54L204.251 0 0 126.961v62.287l194.722 95.724 205.043-128.999"/><ellipse cx="406.752" cy="145.787" fill="#1E88E5" fill-opacity=".997" fill-rule="nonzero" rx="28.441" ry="30.31"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 398 B

1
docs/assets/img/video-streaming/librarian.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 443 301"><g fill="none" fill-rule="evenodd" transform="translate(7 8)"><path stroke="#000007" stroke-width="13.479" d="m46.85 153.335 147.023 71.613 200.843-128.54L204.251 0 0 126.961v62.287l194.722 95.724 205.043-128.999"/><ellipse cx="406.752" cy="145.787" fill="#1E88E5" fill-opacity=".997" fill-rule="nonzero" rx="28.441" ry="30.31"/></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 401 B

3
docs/assets/img/vpn/mini/protonvpn.svg
View File

@ -1 +1,2 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 59 64"><path fill="#56B366" fill-rule="nonzero" d="M58.45 7.096a7.14 7.14 0 0 0-14.282 0v.222L13.046 17.365a7.14 7.14 0 1 0-5.75 11.153 7.046 7.046 0 0 0 2.18-.38l20.442 25.814a7.14 7.14 0 1 0 11.216-2.623l10.869-37.123a7.109 7.109 0 0 0 6.445-7.11h.001Zm-22.086 42.37a7.077 7.077 0 0 0-3.16.79L13.238 24.98c.555-.902.9-1.917 1.011-2.97l31.785-10.142a7.14 7.14 0 0 0 1.106 1.011L36.396 49.466h-.032Z"/></svg>
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><clipPath id="SVGID_00000142168627081468672430000006527680084326249886_"><use xlink:href="#SVGID_1_"/></clipPath><linearGradient id="SVGID_00000088853459014864040730000009902632102805990829_" x1="536.6" x2="292.94" y1="1113.2" y2="64.084" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#24ECC6" stop-opacity="0" offset=".4799"/><stop stop-color="#24ECC6" offset=".9944"/></linearGradient><linearGradient id="SVGID_00000075863372972845837890000016599907698185993344_" x1="759.68" x2="219.42" y1="79.312" y2="1003.2" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#ABFFEF" offset=".066012"/><stop stop-color="#CAC9FF" offset=".4499"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><rect id="SVGID_1_" width="862" height="787"/></defs><g transform="matrix(.039294 0 0 .039294 3.7235e-7 1.4686)"><clipPath><use xlink:href="#SVGID_1_"/></clipPath><g clip-path="url(#SVGID_00000142168627081468672430000006527680084326249886_)"><path class="st1" d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.1c-72.7-8.3-124.4 68.9-89.1 132.9z" clip-rule="evenodd" fill="#6851f6" fill-rule="evenodd"/><path d="m346.3 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.2c-72.7-8.3-124.4 68.9-89 132.9z" clip-rule="evenodd" fill="url(#SVGID_00000088853459014864040730000009902632102805990829_)" fill-rule="evenodd"/><path d="m396.4 638.7-30.8 46.3c-12.5 18.7-40.4 17.6-51.2-2.1l31.7 57.5c5.7 10.2 12.8 18.8 21.1 25.7 39.3 33 102.2 27.1 133-19.8l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.5-78.2c-72.7-8.4-124.4 68.9-89.1 132.9l2.7 4.9 580.1 67.1c37 4.3 56.5 46 36 77.1z" fill="url(#SVGID_00000075863372972845837890000016599907698185993344_)"/></g></g></svg>

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 461 B

After

Width:  |  Height:  |  Size: 2.0 KiB

2
docs/assets/img/vpn/protonvpn.svg
View File

@ -1,2 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 -263.13)"><g transform="matrix(.072143 0 0 .072143 -44.234 303.31)" fill="#56b366" stroke-width="11.587"><path class="cls-3" d="m827.51-413.3a26.188 26.188 0 0 0-52.375 0v0.81114l-114.14 36.848a26.187 26.187 0 1 0-21.089 40.903 25.84 25.84 0 0 0 7.9953-1.3905l74.97 94.669a26.187 26.187 0 1 0 41.135-9.6176l39.861-136.15a26.072 26.072 0 0 0 23.638-26.072zm-80.996 155.39a25.956 25.956 0 0 0-11.587 2.8968l-73.232-92.699a25.956 25.956 0 0 0 3.708-10.892l116.57-37.196a26.187 26.187 0 0 0 4.0559 3.708l-39.397 134.18z"/><path class="cls-4" d="m904.22-406.81h62.572c31.981 0 54.113 18.076 54.113 48.088 0 31.981-23.175 49.131-55.503 49.131h-39.05v67.786h-22.016zm22.016 78.678h38.123c22.48 0 33.951-10.892 33.951-30.127 0-19.235-13.789-30.127-33.14-30.127h-38.818z"/><path class="cls-4" d="m1045.5-329.29v-32.676h20.394c0 3.3604 0.6954 12.746 0.6954 24.449a42.062 42.062 0 0 1 40.324-27.23v20.626c-24.681 0.69524-40.324 13.789-40.324 44.148v57.937h-21.089z"/><path class="cls-4" d="m1229.8-302.29c0 34.762-19.93 63.267-56.662 63.267-34.762 0-55.272-26.535-55.272-62.804 0-36.269 20.394-63.035 56.662-63.035 33.14 0 55.272 24.913 55.272 62.572zm-90.614 0c0 26.535 13.325 45.77 34.762 45.77 21.437 0 34.762-18.308 34.762-45.538 0-27.23-12.282-45.77-34.762-45.77-22.48 0-34.646 18.54-34.646 45.77z"/><path class="cls-4" d="m1241.5-362.2h20.857v-35.342h20.626v35.342h26.535v16.802h-26.535v70.451c0 11.587 2.897 17.845 13.789 17.845a54.924 54.924 0 0 0 10.429-0.92699v15.643a55.504 55.504 0 0 1-18.076 2.0857c-18.772 0-26.767-9.7334-26.767-29.664v-75.202h-20.857z"/><path class="cls-4" d="m1434.3-302.29c0 34.762-19.93 63.267-56.662 63.267-34.762 0-55.272-26.535-55.272-62.804 0-36.269 20.394-63.035 56.662-63.035 33.372 0 55.272 24.913 55.272 62.572zm-90.613 0c0 26.535 13.325 45.77 34.762 45.77 21.437 0 34.762-18.308 34.762-45.538 0-27.23-12.283-45.77-34.762-45.77-22.48 0-34.762 18.54-34.762 45.77z"/><path class="cls-4" d="m1461.3-331.61v-30.359h20.162a181.69 181.69 0 0 1 0.927 19.699 37.659 37.659 0 0 1 37.659-22.48c23.175 0 40.324 13.789 40.324 45.77v77.288h-20.858v-74.739c0-18.308-7.0681-30.359-25.376-30.359-23.175 0-31.749 17.265-31.749 41.483v63.499h-20.857z"/><path class="cls-4" d="m1628.1-241.81-60.023-165h23.175l28.969 82.27c8.5745 24.218 17.033 48.551 20.625 63.731 3.592-13.557 12.746-39.165 21.553-63.035l30.359-82.966h22.48l-62.108 165z"/><path class="cls-4" d="m1740.7-406.81h62.572c31.981 0 54.113 18.076 54.113 48.088 0 31.981-23.175 49.131-55.504 49.131h-39.166v67.786h-22.016zm22.016 78.678h38.123c22.479 0 33.951-10.892 33.951-30.127 0-19.235-13.789-30.127-33.256-30.127h-38.934z"/><path class="cls-4" d="m1888.9-241.81v-165h28.968c23.175 38.702 75.202 120.74 84.356 139.05-1.622-21.089-1.3905-47.161-1.3905-73.928v-65.121h20.626v165h-26.999c-21.784-35.805-75.434-123.99-85.631-142.52 1.1586 18.772 1.1586 46.35 1.1586 76.593v65.932z"/></g></g></svg>
<svg width="384" height="128" version="1.1" viewBox="0 0 101.6 33.867" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><clipPath id="SVGID_00000124143326424118090040000000686822535870151078_"><use xlink:href="#SVGID_1_"/></clipPath><linearGradient id="SVGID_00000083796956185287615240000010885015769944861357_" x1="536.48" x2="292.82" y1="1113.2" y2="64.084" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#24ECC6" stop-opacity="0" offset=".4799"/><stop stop-color="#24ECC6" offset=".9944"/></linearGradient><linearGradient id="SVGID_00000005978595599017039650000002259067875620926859_" x1="759.68" x2="219.42" y1="79.312" y2="1003.2" gradientTransform="matrix(1,0,0,-1,0,788)" gradientUnits="userSpaceOnUse"><stop stop-color="#ABFFEF" offset=".066012"/><stop stop-color="#CAC9FF" offset=".4499"/><stop stop-color="#6D4AFF" offset="1"/></linearGradient><rect id="SVGID_1_" width="4520" height="787"/></defs><g transform="matrix(.022482 0 0 .022482 -.00026509 8.0851)"><clipPath><use xlink:href="#SVGID_1_"/></clipPath><g clip-path="url(#SVGID_00000124143326424118090040000000686822535870151078_)"><g fill="#6d4aff"><path class="st1" d="m3909.1 150h-223.4v483.9h88.5v-120.5c0-11.7 4.7-23 13-31.3s19.5-12.9 31.2-12.9h90.7c42.2 0 82.7-16.8 112.6-46.6 29.9-29.9 46.7-70.4 46.7-112.6 0.1-21-4-41.8-11.9-61.2-8-19.4-19.7-37-34.5-51.9s-32.4-26.7-51.8-34.7c-19.4-8.1-40.2-12.2-61.1-12.2zm69.6 158.8c0 9.9-1.9 19.7-5.8 28.9-3.8 9.2-9.4 17.5-16.4 24.5s-15.4 12.6-24.5 16.3c-9.2 3.8-19 5.7-28.9 5.7h-129.4v-150.8h129.4c10 0 19.8 2 29 5.8s17.5 9.4 24.5 16.5c7 7 12.6 15.4 16.3 24.6 3.8 9.2 5.7 19.1 5.6 29z"/><path class="st1" d="m3374.9 632.1-178.3-483.5h100.7l117.3 346c4.6 12.4 7.9 25.2 9.9 38.2h1c1.4-13.2 4.8-26 9.9-38.2l117.6-346h101.3l-179.2 483.5z"/><path class="st1" d="m4101.3 632.1v-483.5h77.5l228.3 299.9c8.2 10.3 15.3 21.5 21.3 33.2h1.4c-1.5-14.6-2.3-29.2-2.2-43.9v-289.2h91.5v483.5h-77.5l-228.9-299.9c-8.1-10.4-15.2-21.5-21.2-33.2h-0.8c1.2 14.6 1.7 29.2 1.5 43.9v289.3h-90.9z"/></g><g fill="#1b1340"><path class="st2" d="m1434.2 147.2h-223.4v483.9h88.5v-120.5c0-11.7 4.7-23 12.9-31.3 8.3-8.3 19.5-12.9 31.2-12.9h90.7c42.2 0 82.7-16.8 112.6-46.6s46.6-70.4 46.6-112.6c0.1-21-4-41.8-11.9-61.2-8-19.4-19.7-37-34.5-51.9s-32.4-26.7-51.8-34.7c-19.2-8.1-39.9-12.2-60.9-12.2zm69.7 158.8c0 9.9-1.9 19.7-5.8 28.9-3.8 9.2-9.4 17.5-16.4 24.5s-15.3 12.6-24.5 16.3c-9.2 3.8-19 5.7-28.9 5.7h-129.4v-150.8h129.4c9.9 0 19.8 2 29 5.8s17.5 9.4 24.5 16.5c7 7 12.6 15.4 16.3 24.6 3.8 9.2 5.7 19.1 5.6 29z"/><path class="st2" d="m1607.4 631.3v-192c0-78.3 45.8-140.6 137.3-140.6 14.7-0.2 29.4 1.4 43.7 4.8v79c-10.4-0.7-19.9-0.7-23.6-0.7-48.5 0-69.7 22.2-69.7 67.2v182.4h-87.7z"/><path class="st2" d="m1814.6 468.3c0-96.3 72.8-169.7 174-169.7s173.9 73.5 173.9 169.7c0 96.3-72.8 170.5-173.9 170.5s-174-74.1-174-170.5zm261.3 0c0-54.7-36.7-93.6-87.3-93.6s-87.4 38.8-87.4 93.6c0 54.7 36.7 93.6 87.4 93.6s87.3-38.1 87.3-93.6z"/><path class="st2" d="m2417.5 375.4h-94.9v121.3c0 42.3 15.2 61.6 58.8 61.6 4.2 0 14.6 0 27.8-0.7v71.5c-16.7 4.8-33.9 7.3-51.3 7.6-73.5 0-123.4-44.3-123.4-128.2v-133.1h-58.8v-69.7h14.6c11.7 0 23-4.7 31.2-12.9 8.3-8.3 12.9-19.5 12.9-31.2v-66.3h88.1v110.2h94.9v69.9z"/><path class="st2" d="m2443.9 468.3c0-96.3 72.8-169.7 173.9-169.7s174 73.5 174 169.7c0 96.3-72.8 170.5-174 170.5s-173.9-74.1-173.9-170.5zm261.3 0c0-54.7-36.7-93.6-87.4-93.6s-87.3 38.8-87.3 93.6c0 54.7 36.7 93.6 87.3 93.6s87.4-38.1 87.4-93.6z"/><path class="st2" d="m2837.5 631.3v-185.5c0-86 54.8-147.6 152.5-147.6 97.8 0 151.8 62 151.8 147.6v185h-87.3v-177.7c0-47.8-21.5-77.6-64.5-77.6s-64.4 29.9-64.4 77.6v178.2z"/></g><path class="st3" d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.1c-72.7-8.4-124.4 68.9-89.1 132.9z" clip-rule="evenodd" fill="#6d4aff" fill-rule="evenodd"/><path d="m346.1 740.3c32.8 59.3 116.9 62.6 154 5.9l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.4-78.2c-72.6-8.3-124.4 68.9-89 132.9z" clip-rule="evenodd" fill="url(#SVGID_00000083796956185287615240000010885015769944861357_)" fill-rule="evenodd"/><path d="m396.4 638.7-30.8 46.3c-12.5 18.7-40.4 17.6-51.2-2.1l31.7 57.5c5.7 10.2 12.8 18.8 21.1 25.7 39.3 33 102.2 27.1 133-19.8l346.7-528.4c36.8-56 1.6-131.2-65-138.8l-681.5-78.2c-72.7-8.4-124.4 68.9-89.1 132.9l2.7 4.9 580.1 67.1c37 4.3 56.5 46 36 77.1z" fill="url(#SVGID_00000005978595599017039650000002259067875620926859_)"/></g></g></svg>

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.0 KiB

After

Width:  |  Height:  |  Size: 4.4 KiB

0
docs/javascripts/LICENSE.mathjax.txt → docs/assets/javascripts/LICENSE.mathjax.txt
View File

0
docs/javascripts/feedback.js → docs/assets/javascripts/feedback.js
View File

0
docs/javascripts/mathjax.js → docs/assets/javascripts/mathjax.js
View File

0
docs/javascripts/output/chtml/fonts/woff-v2/MathJax_Main-Regular.woff → docs/assets/javascripts/output/chtml/fonts/woff-v2/MathJax_Main-Regular.woff
View File

0
docs/javascripts/output/chtml/fonts/woff-v2/MathJax_Zero.woff → docs/assets/javascripts/output/chtml/fonts/woff-v2/MathJax_Zero.woff
View File

1
docs/assets/logo.svg
View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100%" height="100%" version="1.1" viewBox="0 0 50 50" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><g><path d="M18.466,16.31C18.279,16.938 18.384,17.673 18.594,19.141L21.253,37.755C21.713,40.971 21.942,42.578 22.551,44.015C23.09,45.289 23.845,46.46 24.783,47.476C25.842,48.623 27.212,49.494 29.952,51.238L33.848,53.717C35.716,54.906 36.65,55.5 37.654,55.732C38.426,55.91 39.224,55.933 40.003,55.801C39.359,54.33 39.002,52.706 39.002,50.997C39.002,44.37 44.375,38.997 51.002,38.997C52.936,38.997 54.763,39.455 56.381,40.267C56.494,39.55 56.612,38.726 56.751,37.755L59.41,19.141C59.62,17.673 59.725,16.938 59.538,16.31C59.374,15.756 59.053,15.261 58.615,14.885C58.117,14.458 57.403,14.255 55.977,13.847L40.321,9.374C39.83,9.234 39.585,9.164 39.335,9.136C39.114,9.111 38.891,9.111 38.669,9.136C38.42,9.164 38.174,9.234 37.684,9.374L22.027,13.847C20.601,14.255 19.887,14.458 19.39,14.885C18.951,15.261 18.63,15.756 18.466,16.31Z" transform="matrix(0.902851,0,0,0.902851,-9.0245,-8.23146)" style="fill:#fff"/></g><g><path d="M32.836,13.626C32.946,13.614 33.058,13.614 33.169,13.626C33.265,13.637 33.371,13.663 33.909,13.816L49.565,18.289C50.3,18.5 50.771,18.635 51.123,18.765C51.458,18.89 51.578,18.972 51.638,19.024C51.858,19.212 52.018,19.459 52.1,19.736C52.123,19.813 52.149,19.956 52.126,20.313C52.102,20.688 52.034,21.172 51.925,21.929L49.692,37.56C42.851,38.219 37.502,43.983 37.502,50.997C37.502,52.382 37.711,53.718 38.098,54.976L37.351,55.452C35.388,56.701 34.706,57.11 34.014,57.27C33.348,57.424 32.657,57.424 31.991,57.27C31.298,57.11 30.616,56.701 28.654,55.452L24.758,52.973C21.95,51.186 20.781,50.428 19.886,49.458C19.065,48.569 18.404,47.545 17.932,46.43C17.418,45.215 17.209,43.837 16.738,40.543L14.079,21.929C13.971,21.172 13.903,20.688 13.878,20.313C13.855,19.956 13.881,19.813 13.904,19.736C13.986,19.459 14.147,19.212 14.366,19.024C14.427,18.972 14.547,18.89 14.881,18.765C15.234,18.635 15.704,18.5 16.439,18.289L32.096,13.816C32.633,13.663 32.74,13.637 32.836,13.626ZM54.903,22.301L52.716,37.605C59.363,38.447 64.502,44.122 64.502,50.997C64.502,58.453 58.458,64.497 51.002,64.497C46.01,64.497 41.651,61.787 39.315,57.758L38.962,57.983L38.739,58.124C37.088,59.177 35.947,59.903 34.688,60.194C33.579,60.449 32.426,60.449 31.317,60.194C30.058,59.903 28.917,59.177 27.265,58.124L27.043,57.983L22.954,55.381C20.398,53.754 18.873,52.784 17.681,51.493C16.626,50.35 15.776,49.033 15.17,47.6C14.484,45.982 14.229,44.193 13.801,41.194L11.102,22.301C11.003,21.611 10.918,21.012 10.885,20.508C10.85,19.973 10.864,19.435 11.028,18.883C11.274,18.052 11.756,17.31 12.414,16.746C12.851,16.372 13.336,16.139 13.839,15.952C14.312,15.777 14.895,15.611 15.564,15.419L15.615,15.405L31.271,10.932L31.354,10.908C31.764,10.791 32.125,10.687 32.502,10.645C32.835,10.608 33.17,10.608 33.502,10.645C33.88,10.687 34.241,10.791 34.65,10.908L34.733,10.932L50.44,15.419C51.11,15.611 51.692,15.777 52.166,15.952C52.668,16.139 53.154,16.372 53.591,16.746C54.249,17.31 54.73,18.052 54.977,18.883C55.14,19.435 55.155,19.973 55.12,20.508C55.087,21.012 55.001,21.611 54.903,22.3L54.903,22.301ZM51.002,40.497C45.203,40.497 40.502,45.198 40.502,50.997C40.502,56.796 45.203,61.497 51.002,61.497C56.801,61.497 61.502,56.796 61.502,50.997C61.502,45.198 56.801,40.497 51.002,40.497ZM58.154,47.458C58.685,46.821 58.599,45.875 57.962,45.345C57.326,44.815 56.38,44.9 55.85,45.537L49.401,53.275L46.063,49.936C45.477,49.351 44.527,49.351 43.942,49.936C43.356,50.522 43.356,51.472 43.942,52.058L48.442,56.558C48.74,56.856 49.149,57.015 49.57,56.996C49.991,56.977 50.385,56.781 50.654,56.458L58.154,47.458ZM25.502,29.997C25.502,25.855 28.86,22.497 33.002,22.497C37.144,22.497 40.502,25.855 40.502,29.997C40.502,32.451 39.324,34.629 37.502,35.998L37.502,41.997C37.502,44.483 35.488,46.497 33.002,46.497C30.517,46.497 28.502,44.483 28.502,41.997L28.502,35.998C26.681,34.629 25.502,32.451 25.502,29.997ZM34.502,37.497L31.502,37.497L31.502,41.997C31.502,42.826 32.174,43.497 33.002,43.497C33.831,43.497 34.502,42.826 34.502,41.997L34.502,37.497ZM33.002,34.497C35.488,34.497 37.502,32.483 37.502,29.997C37.502,27.512 35.488,25.497 33.002,25.497C30.517,25.497 28.502,27.512 28.502,29.997C28.502,32.483 30.517,34.497 33.002,34.497Z" transform="matrix(0.902851,0,0,0.902851,-9.0245,-8.23146)" style="fill:#28323f"/></g></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 4.3 KiB

150
docs/stylesheets/extra.css → docs/assets/stylesheets/extra.css
View File

@ -1,12 +1,12 @@
@font-face {
font-family: 'Bagnard';
src: url("/assets/fonts/bagnard/Bagnard.woff") format("woff");
src: url("/assets/brand/WOFF/bagnard/Bagnard.woff") format("woff");
font-display: swap;
}
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-Bold.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-Bold.woff2') format('woff2');
font-weight: bold;
font-style: normal;
font-display: swap;
@ -14,7 +14,7 @@
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-BoldItalic.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-BoldItalic.woff2') format('woff2');
font-weight: bold;
font-style: italic;
font-display: swap;
@ -22,7 +22,7 @@
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-Light.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-Light.woff2') format('woff2');
font-weight: 300;
font-style: normal;
font-display: swap;
@ -30,7 +30,7 @@
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-Italic.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-Italic.woff2') format('woff2');
font-weight: normal;
font-style: italic;
font-display: swap;
@ -38,7 +38,7 @@
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-Regular.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-Regular.woff2') format('woff2');
font-weight: normal;
font-style: normal;
font-display: swap;
@ -46,7 +46,7 @@
@font-face {
font-family: 'DM Mono';
src: url('/assets/fonts/dm_mono/DMMono-Regular.woff2') format('woff2');
src: url('/assets/brand/WOFF/dm_mono/DMMono-Regular.woff2') format('woff2');
font-weight: normal;
font-style: normal;
font-display: swap;
@ -54,7 +54,7 @@
@font-face {
font-family: 'DM Mono';
src: url('/assets/fonts/dm_mono/DMMono-Medium.woff2') format('woff2');
src: url('/assets/brand/WOFF/dm_mono/DMMono-Medium.woff2') format('woff2');
font-weight: 500;
font-style: normal;
font-display: swap;
@ -79,7 +79,7 @@
/* Better contrast link colors */
[data-md-color-scheme="default"] > * {
--md-typeset-a-color: #3C00E0;
--md-typeset-a-color: rgb(79, 70, 229);
}
[data-md-color-scheme="slate"] {
@ -90,6 +90,7 @@
.md-typeset .md-button {
color: var(--md-typeset-a-color);
margin-bottom: 5px;
border-radius: 6px;
}
.md-typeset .md-button--primary {
color: white;
@ -107,9 +108,13 @@ h1, h2, h3, .md-header__topic {
/* Recommendation cards */
.md-typeset .admonition.recommendation,
.md-typeset details.recommendation {
border: none;
border: 1px solid #ccc;
font-size: inherit;
}
[data-md-color-scheme="slate"] .md-typeset .admonition.recommendation,
[data-md-color-scheme="slate"] .md-typeset details.recommendation {
border: 1px solid #666;
}
.md-typeset .recommendation > .admonition-title,
.md-typeset .recommendation > summary {
background-color: rgba(43, 155, 70, 0.0);
@ -146,12 +151,32 @@ h1, h2, h3, .md-header__topic {
right:auto;
}
.downloads p > a {
padding-left: 0.5em;
}
details[class="downloads annotate"] > p .md-annotation span span::before {
vertical-align: 0;
}
/* Card links */
.md-typeset .card-link {
color: var(--md-default-fg-color--light);
}
.md-typeset .card-link:hover {
color: var(--md-accent-fg-color);
}
.md-typeset .card-link:not(:first-child) {
padding-left: 0.5em;
}
/* Correct page icon size */
.md-nav__link svg {
width: 22px;
}
/* Unsticky sidebar without JS */
/* Un-sticky sidebar without JS */
.no-js .md-sidebar {
align-self: auto;
}
@ -170,4 +195,105 @@ h1, h2, h3, .md-header__topic {
left: 0;
width: 100%;
height: 100%;
}
}
/* Badge colors */
.pg-purple {
color: #603aa0;
}
[data-md-color-scheme="slate"] .pg-purple {
color: #af94de;
}
.pg-red {
color: #c0322f;
}
[data-md-color-scheme="slate"] .pg-red {
color: #ff6c6a;
}
.pg-orange {
color: #ac2f09;
}
[data-md-color-scheme="slate"] .pg-orange {
color: #e97b5a;
}
.pg-teal {
color: #04756a;
}
[data-md-color-scheme="slate"] .pg-teal {
color: #8dc6c1;
}
.pg-brown {
color: #8d6e62;
}
[data-md-color-scheme="slate"] .pg-brown {
color: #b6988c;
}
.pg-blue {
color: #0e66ae;
}
[data-md-color-scheme="slate"] .pg-blue {
color: #74b9f1;
}
.pg-green {
color: #2e7e31;
}
[data-md-color-scheme="slate"] .pg-green {
color: #72cd75;
}
.pg-blue-gray {
color: #546d78;
}
[data-md-color-scheme="slate"] .pg-blue-gray {
color: #9ab2bc;
}
/* Make light/dark mode icon smaller */
label[class="md-header__button md-icon"] svg {
height: 1rem;
width: 1rem;
}
.md-typeset :is(.admonition, details) {
box-shadow: none;
border-radius: 6px;
border: 1px solid;
border-left-width: 1px!important;
}
.md-typeset :is(.admonition-title, summary) {
margin-left: -0.6rem!important;
}
.md-typeset details:not(.downloads, [open]) summary:hover {
box-shadow: inset 0 0 100px 100px rgba(255, 255, 255, 0.6);
}
[data-md-color-scheme="slate"] .md-typeset details:not(.downloads, [open]) summary:hover {
box-shadow: inset 0 0 100px 100px rgba(255, 255, 255, 0.1);
}
[data-md-color-scheme="default"] .md-search__form {
background-color: hsla(0,0%,100%,.3);
}
.md-search__form:hover {
background-color: hsla(0,0%,100%,.9);
}
[data-md-color-scheme="slate"] .md-search__form:hover {
background-color: rgba(0, 0, 0, 0.4);
}
.md-search__form, .md-typeset .grid.cards > :is(ul, ol) > li, .md-typeset .grid > .card {
border-radius: 6px;
}
[data-md-toggle="search"]:checked ~ .md-header .md-search__form {
border-radius: 6px 6px 0 0;
box-shadow: none;
}
[data-md-toggle="search"]:checked ~ .md-header .md-search__output {
border-radius: 0 0 6px 6px;
box-shadow: none;
}
.md-tooltip {
border-radius: 6px;
box-shadow: none;
border: 1px solid rgba(128, 128, 128, 0.3);
}
.md-typeset .grid.cards > :is(ul, ol) > li:is(:focus-within, :hover), .md-typeset .grid > .card:is(:focus-within, :hover) {
box-shadow: none;
border-color: rgba(128, 128, 128, 0.5);
}

0
theme/overrides/home.css → docs/assets/stylesheets/home.css
View File

63
docs/basics/account-deletion.en.md Normal file
View File

@ -0,0 +1,63 @@
---
title: "Account Deletion"
icon: 'material/account-remove'
---
Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence.
## Finding Old Accounts
### Password Manager
If you have a password manager that you've used for your entire digital life, this part will be very easy. Oftentimes, they include built-in functionality for detecting if your credentials were exposed in a data breach—such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned/).
<figure markdown>
![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png)
</figure>
Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser or your phone without even realizing it. For example: [Firefox Password Manager](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Google Password Manager](https://passwords.google.com/intro)
and [Edge Password Manager](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336).
Desktop platforms also often have a password manager which may help you recover passwords you've forgotten about:
- Windows [Credential Manager](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0)
- macOS [Passwords](https://support.apple.com/en-us/HT211145)
- iOS [Passwords](https://support.apple.com/en-us/HT211146)
- Linux, Gnome Keyring, which can be accessed through [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en), or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager)
### Email
If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
### Log In
In order to delete your old accounts, you'll need to first make sure you can log in to them. Again, if the account was in your password manager, this step is easy. If not, you can try to guess your password. Failing that, there are typically options to regain access to your account, commonly available through a "forgot password" link on the login page. It may also be possible that accounts you've abandoned have already been deleted—sometimes services prune all old accounts.
When attempting to regain access, if the site returns an error message saying that email is not associated with an account, or you never receive a reset link after multiple attempts, then you do not have an account under that email address and should try a different one. If you can't figure out which email address you used, or you no longer have access to that email, you can try contacting the service's customer support. Unfortunately there is no guarantee that you will be able to reclaim access your account.
### GDPR (EEA residents only)
Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://www.gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service, or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
### Overwriting Account information
In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information.
For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](/email/#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails.
### Delete
You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some.
For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](basics/multi-factor-authentication) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](/passwords/#local-password-managers) can be useful for this).
If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password.
Even when you are able to delete an account, there is no guarantee that all your information will be removed. In fact, some companies are required by law to keep certain information, particularly when related to financial transactions. It's mostly out of your control what happens to your data when it comes to websites and cloud services.
## Avoid New Accounts
As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you!
--8<-- "includes/abbreviations.en.md"

163
docs/basics/common-threats.en.md Normal file
View File

@ -0,0 +1,163 @@
---
title: "Common Threats"
icon: 'material/eye-outline'
---
Broadly speaking, we categorize our recommendations into these general categories of [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat imaginable.
- <span class="pg-purple">:material-incognito: Anonymity</span> - Shielding your online activity from your real-life identity, protecting you from people who are trying to uncover *your* identity specifically
- <span class="pg-red">:material-target-account: Targeted Attacks</span> - Being protected from dedicated hackers or other malicious agents trying to gain access to *your* data or devices specifically
- <span class="pg-orange">:material-bug-outline: Passive Attacks</span> - Being protected from things like malware, data breaches, and other attacks that are made against many people at once
- <span class="pg-teal">:material-server-network: Service Providers</span> - Protecting your data from service providers, e.g. with end-to-end encryption rendering your data unreadable to the server
- <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> - Protection from government agencies, organizations, websites, and services working together to track your activities
- <span class="pg-brown">:material-account-cash: Surveillance Capitalism</span> - Protecting yourself from big advertising networks like Google and Facebook, as well as a myriad of other third-party data collectors
- <span class="pg-green">:material-account-search: Public Exposure</span> - Limiting the information about you online that is accessible to search engines or the general public
- <span class="pg-blue-gray">:material-close-outline: Censorship</span> - Avoiding censored access to information and being censored yourself when speaking online
Some of these threats may weigh more than others depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with <span class="pg-red">:material-target-account: Targeted Attacks</span>, but beyond that they probably still want to protect their personal data from being swept up in <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> programs. Similarly, an "Average Joe" may be primarily concerned with <span class="pg-green">:material-account-search: Public Exposure</span> of their personal data, but they should still be wary of security-focused issues such as <span class="pg-orange">:material-bug-outline: Passive Attacks</span> like malware affecting their devices.
## Anonymity vs Privacy
<span class="pg-purple">:material-incognito: Anonymity</span>
Anonymity is often confused for privacy, but it's a distinct concept. While privacy is a set of choices you make about how your data is used and shared, anonymity is the complete disassociation of your online activities from your real-life identity.
Whistleblowers and journalists, for example, can have a much more extreme threat model requiring total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by hackers or governments, but also hiding who they are entirely. They will sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, as their lives could depend on it. Most regular people do not need to go so far.
## Security and Privacy
<span class="pg-orange">:material-bug-outline: Passive Attacks</span>
Security and privacy are often conflated, because you need security to obtain any semblance of privacy: Using tools which appear private is futile if they could easily be exploited by attackers to release your data later. However, the inverse is not necessarily true; the most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google, who, given their scale, have had minimal security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides a very secure service, very few would consider their data private in their hands.
When it comes to application security, we generally do not (and sometimes cannot) know if the software that we use is malicious, or might one day become malicious. Even with the most trustworthy developers, there is generally no guarantee that their software does not have a serious vulnerability that could later be exploited.
To minimize the potential damage that a malicious piece of software can do, you should employ security by compartmentalization. This could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control.
!!! tip
Mobile operating systems are generally safer than desktop operating systems when it comes to application sandboxing. Apps cannot obtain root access and only have access to system resources which you grant them.
Desktop operating systems generally lag behind on proper sandboxing. Chrome OS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of VMs or containers, such as Qubes OS.
<span class="pg-red">:material-target-account: Targeted Attacks</span>
Targeted attacks against a specific user are more problematic to deal with. Common avenues of attack include sending malicious documents via emails, exploiting vulnerabilities in the browser and operating systems, and physical attacks. If this is a concern for you, you may have to employ more advanced threat mitigation strategies.
!!! tip
**Web browsers**, **email clients**, and **office applications** all typically run untrusted code sent to you from third-parties by design. Running multiple virtual machines to separate applications like these from your host system as well as each other is one technique you can use to avoid an exploit in these applications from compromising the rest of your system. Technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this seamlessly, for example.
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, or macOS. You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure Element for rate limiting attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems do not encrypt data separately per-user.
## Privacy From Service Providers
<span class="pg-teal">:material-server-network: Service Providers</span>
We live in a world where almost everything is connected to the internet. Our "private" messages, emails, social interactions are typically stored on a server somewhere. Generally, when you send someone a message, that message is then stored on a server, and when your friend wants to read the message, the server will show it to them.
The obvious problem with this is that the service provider (or a hacker who has compromised the server) can look into your "private" conversations whenever and however they want, without you ever knowing. This applies to many common services like SMS messaging, Telegram, Discord, and so on.
Thankfully, end-to-end encryption can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, so long as the service provider does not have access to the private keys of either party.
??? note "Note on web-based encryption"
In practice, the effectiveness of different end-to-end encryption implementations varies. Applications such as [Signal](../real-time-communication.md#signal) run natively on your device, and every copy of the application is the same across different installations. If the service provider were to backdoor their application in an attempt to steal your private keys, that could later be detected using reverse engineering.
On the other hand, web based end-to-end encryption implementations such as Proton Mail's webmail or Bitwarden's web vault rely on the server dynamically serving JavaScript code to the browser to handle cryptographic operations. A malicious server could target a specific user and send them malicious JavaScript code to steal their encryption key, and it would be extremely hard for the user to ever notice such a thing. Even if the user does notice the attempt to steal their key, it would be incredibly hard to prove that it is the provider trying to do so, because the server can choose to serve different web clients to different users.
Therefore, when relying on end-to-end encryption, you should choose to use native applications over web clients whenever possible.
Even with end-to-end encryption, service providers can still profile you based on **metadata**, which is typically not protected. While the service provider could not read your messages to see what you're saying, they can still observe things like who you're talking to, how often you message them, and what times you're typically active. Protection of metadata is fairly uncommon, and you should pay close attention to the technical documentation of the software you are using to see if there is any metadata minimization or protection at all, if that is a concern for you.
## Mass Surveillance Programs
Mass surveillance is an effort to surveil many or all of a given population. It often refers to government programs such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative.
Online, you can be tracked via a wide variety of methods, including but not limited to:
- Your IP address
- Browser cookies
- Data you submit to websites
- Your browser or device fingerprint
- Payment method correlation
Therefore your goals could be to segregate your online identities from each other, to blend in with other users, and to simply avoid giving out identifying information to anyone as much as possible.
<span class="pg-blue">:material-eye-outline: Mass Surveillance</span>
Governments often cite mass surveillance programs as necessary to combat terrorism and prevent crime, however it is most often used to disproportionately target minorities, political dissidents, and many other groups to create a chilling effect on free speech.
!!! quote "ACLU: [The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)"
In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every Americans phone calls — whos calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about peoples lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.
Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^1]
<span class="pg-brown">:material-account-cash: Surveillance Capitalism</span>
> Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^2]
Tracking and surveillance by private corporations is a growing concern for many as well. Pervasive ad networks like those operated by Google and Facebook span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries, but can never completely protect you from all tracking.[^3]
Additionally, even companies outside of the ad-tech/tracking space can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (like Cambridge Analytica, Experian, or Datalogix) or other parties, so you can't automatically assume your data is safe merely because the service you are using doesn't fall within a typical data sharing/tracking category. The strongest protection against corporate data collection is to always encrypt or obfuscate your data whenever possible to make it as difficult as possible for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
<span class="pg-green">:material-account-search: Public Exposure</span>
The best way to ensure your data is private is to simply not put it out there in the first place. Deleting information you find about yourself online is one of the best first steps you can take to regain your privacy.
- [View our guide on account deletion :material-arrow-right:](account-deletion.md)
On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, if your accounts have a "private mode," enable it to make sure your account isn't being indexed by search engines and can't be viewed by people you don't vet beforehand.
If you have already submitted your real information to a number of sites which shouldn't have it, consider employing disinformation tactics such as submitting fictitious information related to the same online identity to make your real information indistinguishable from the false information.
## Avoiding Censorship
<span class="pg-blue-gray">:material-close-outline: Censorship</span>
Censorship online can be carried out to varying degrees by actors including totalitarian governments, network administrators, and service providers seeking to control the speech of their users and the information they can access. These efforts to filter the internet will always be incompatible with the ideals of free speech.
Censorship on corporate platforms is increasingly common as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video; or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship.
People concerned with the threat of censorship can use technologies like Tor to circumvent it, and support platforms which provide censorship-resistant communication such as Matrix, which has no centralized account authority which can close down accounts arbitrarily.
!!! important
While simply evading censorship itself is relatively easy, hiding the fact that you are evading the censorship system from the censors can be very problematic.
You should consider what aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using encrypted DNS can help you bypass rudimentary censorship systems based solely on DNS, but it cannot truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from the network administrators, but cannot hide that you are using those networks. Pluggable transports like Obfs4proxy, Meek or Shadowsocks can help you evade firewalls that block common VPN protocols or Tor, but an adversary can still figure out that you are actively trying to bypass their censorship system as opposed to just protecting your privacy through probing or deep packet inspection.
You must always consider the risks involved with trying to bypass censorship, what the potential consequences are, and how sophisticated your adversary may be. Be extra cautious with your software selection, and have a backup plan in case you are caught.
## Common Misconceptions
:material-numeric-1-circle: **Open source software is always secure** or **Proprietary software is more secure**
These myths stem from a number of prejudices, but the source-availability and licensure of a software product does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you need to look at the reputation and security of each tool on an individual basis.
Open-source software *can* be audited by third-parties, and is often more transparent regarding potential vulnerabilities than their proprietary counterparts. They can also be more flexible, allowing you to delve into the code and disable any suspicious functionality you find yourself. However, unless you review the code yourself there is no guarantee that code has ever been evaluated, especially with smaller software projects, and the open development process can sometimes be exploited by malicious parties to introduce new vulnerabilities into even large projects.[^4]
On the flip side, proprietary software is less transparent, but that does not imply it is not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering.
At the end of the day, it is **vital** that you research and evaluate the privacy and security properties of each piece of software being used, and avoid making decisions based on biases.
:material-numeric-2-circle: **Shifting trust can increase privacy**
We talk about "shifting trust" a lot when discussing solutions like VPNs, which shift the trust you place in your ISP to the VPN provider. While this protects your browsing data from your ISP specifically, the VPN provider you choose still has access to your browsing data: Your data is not yet completely secured from all parties. This means that:
1. You need to exercise caution when choosing a provider to shift trust to, rather than choosing blindly.
2. You still need to employ other techniques like end-to-end encryption to protect your data completely, merely distrusting one provider to trust another is not hiding your data.
:material-numeric-3-circle: **Privacy-focused solutions are inherently trustworthy**
Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a privacy solution you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is a lack of end-to-end encryption, so you should make sure the provider you switch to actually implements end-to-end encryption, or use a tool like Cryptomator which provides end-to-end encryption on any cloud provider. Blindly switching to a "privacy-focused" provider which does not provide end-to-end encryption does not solve your problem, it merely shifts trust from Google to that provider.
The privacy policies and business practices of a provider you choose are very important, but should be considered secondary to technical guarantees of your privacy: Don't elect to merely shift trust to another provider when trusting a provider isn't a requirement at all.
[^1]: United States Privacy and Civil Liberties Oversight Board: [Report on the Telephone Records Program Conducted under Section 215](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
[^2]: Wikipedia: [Surveillance capitalism](https://en.wikipedia.org/wiki/Surveillance_capitalism)
[^3]: "[Enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (or, "listing all the bad things that we know about") as many adblockers and antivirus programs do, fails to adequately protect you from new and unknown threats because they have not yet been added to the filter list. You need to additionally employ other mitigation techniques to be fully protected.
[^4]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).

2
docs/technology/dns.en.md → docs/basics/dns.en.md
View File

@ -109,7 +109,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
## Why **shouldn't** I use encrypted DNS?
In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:

42
docs/basics/email-security.en.md Normal file
View File

@ -0,0 +1,42 @@
---
title: Email Security
icon: material/email
---
Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed.
As a result, email is best used for receiving transactional emails (like notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with others.
## Email Encryption Overview
The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org).
There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however, it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480).
Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible.
### What Email Clients Support E2EE?
Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). This can be less secure as you are now relying on email providers to ensure that their encryption implementation works and has not been compromised in anyway.
### How Do I Protect My Private Keys?
A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message, and includes some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account.
Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent.
### Who Can View Email Metadata?
Email metadata is protected from outside observers with [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) protecting it from outside observers, but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages.
### Why Can't Metadata be E2EE?
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
--8<-- "includes/abbreviations.en.md"

38
docs/basics/erasing-data.md Normal file
View File

@ -0,0 +1,38 @@
---
title: "Secure Data Erasure"
icon: 'material/harddisk-remove'
---
**Erasing data** from your computer may seem like a simple task, but if you want to make sure the data is truly unrecoverable, there are some things you should consider.
!!! tip
You should use [full disk encryption](../encryption.md#os-full-disk-encryption) on your storage devices. If your device is stolen or needs to be returned under warranty your privacy may be at risk.
To erase a storage device **thoroughly**, you should securely erase the whole device and not individual files.
## Erasing Your Entire Drive
When you delete a file, the operating system marks the space where the deleted file was as "empty." That "empty" space can be fairly easily undeleted, yielding the original file.
### Magnetic storage
If the disk is a magnetic storage device, such as a spinning hard disk, we suggest using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe). `nwipe` can be installed in most Linux distributions. If you wish to use a complete boot environment on a system, consider using [ShredOS Disk Eraser](https://github.com/PartialVolume/shredos.x86_64). ShredOS boots straight into `nwipe` and allows you to erase available disks. To install it to a flash USB stick see the [installation methods](https://github.com/PartialVolume/shredos.x86_64/blob/master/README.md#obtaining-and-writing-shredos-to-a-usb-flash-drive-the-easy-way-).
Once you have your boot media, enter your system's UEFI settings and boot from the USB stick. Commonly used keys to access UEFI are ++f2++, ++f12++, or ++del++. Follow the on-screen prompts to wipe your data.
![ShredOS](../assets/img/erasing-data/shredos.png)
### Flash Storage
For [flash memory](https://en.wikipedia.org/wiki/Flash_memory) (SSD, NVMe etc) devices we suggest the ATA Secure Erase command. Methods such as `nwipe` should not be used on flash storage devices as it may damage their performance. The "Secure Erase" feature is often accessible through the UEFI setup menu.
It is also possible to complete a Secure Erase using the [`hdparm`](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command, or [Microsoft Secure Group Commands](https://docs.microsoft.com/en-us/windows-hardware/drivers/storage/security-group-commands).
Physical destruction may be necessary to securely erase devices such as memory cards, USB sticks and unusable hard disks.
## Erasing Specific Files
Securely shredding **individual files** is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, [wear leveling](https://en.wikipedia.org/wiki/Wear_leveling) (on modern [flash storage](https://en.wikipedia.org/wiki/Solid-state_drive)), caching and filesystem [journaling](https://en.wikipedia.org/wiki/Journaling_file_system).
Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, so shredding may not provide adequate security.
--8<-- "includes/abbreviations.en.md"

0
docs/security/multi-factor-authentication.en.md → docs/basics/multi-factor-authentication.en.md
View File

101
docs/threat-modeling.en.md → docs/basics/threat-modeling.en.md
View File

@ -5,20 +5,14 @@ icon: 'material/target-account'
Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, et cetera. Often people find that the problem with the tools they see recommended is they're just too hard to start using!
If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And even then, <mark>nothing is ever fully secure.</mark> There's **high** security, but never **full** security. That's why threat models are important.
If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And even then, ==nothing is ever fully secure.== There's **high** security, but never **full** security. That's why threat models are important.
**So, what are these threat models anyways?**
<mark>A threat model is a list of the most probable threats to your security/privacy endeavors.</mark> Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is a potential event that could undermine your efforts to stay private and secure.
==A threat model is a list of the most probable threats to your security/privacy endeavors.== Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is a potential event that could undermine your efforts to stay private and secure.
By focusing on the threats that matter to you, this narrows down your thinking about the protection you need, so you can choose the tools that are right for the job.
## Examples of threat models
* An investigative journalist's threat model might be <span class="text-muted">(protecting themselves against)</span> a foreign government.
* A company's manager's threat model might be <span class="text-muted">(protecting themselves against)</span> a hacker hired by competition to do corporate espionage.
* The average citizen's threat model might be <span class="text-muted">(hiding their data from)</span> large tech corporations.
## Creating your threat model
To identify what could happen to the things you value and determine from whom you need to protect them, you want to answer these five questions:
@ -29,45 +23,15 @@ To identify what could happen to the things you value and determine from whom yo
4. How bad are the consequences if I fail?
5. How much trouble am I willing to go through to try to prevent potential consequences?
### Example: Protecting your belongings
* To demonstrate how these questions work, let's build a plan to keep your house and possessions safe.
#### What do you want to protect? (Or, *what do you have that is worth protecting?*)
* Your assets might include jewelry, electronics, important documents, or photos.
#### Who do you want to protect it from?
* Your adversaries might include burglars, roommates, or guests.
#### How likely is it that you will need to protect it?
* Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?
#### How bad are the consequences if you fail?
* Do you have anything in your house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from your home?
#### How much trouble are you willing to go through to prevent these consequences?
* Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?
Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market, and consider adding a security system.
Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face.
Now, let's take a closer look at the questions in our list:
### What do I want to protect?
An “asset” is something you value and want to protect. In the context of digital security, <mark>an asset is usually some kind of information.</mark> For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.
An “asset” is something you value and want to protect. In the context of digital security, ==an asset is usually some kind of information.== For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.
*Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it.*
### Who do I want to protect it from?
To answer this question, it's important to identify who might want to target you or your information. <mark>A person or entity that poses a threat to your assets is an “adversary.”</mark> Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary.”== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
*Make a list of your adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
@ -75,7 +39,7 @@ Depending on who your adversaries are, under some circumstances this list might
### How likely is it that I will need to protect it?
<mark>Risk is the likelihood that a particular threat against a particular asset will actually occur.</mark> It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
==Risk is the likelihood that a particular threat against a particular asset will actually occur.== It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).
@ -87,7 +51,7 @@ Assessing risks is both a personal and a subjective process. Many people find ce
There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.
<mark>The motives of adversaries differ widely, as do their tactics.</mark> A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.
==The motives of adversaries differ widely, as do their tactics.== A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.
Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.
@ -95,23 +59,46 @@ Security planning involves understanding how bad the consequences could be if an
### How much trouble am I willing to go through to try to prevent potential consequences?
<mark>There is no perfect option for security.</mark> Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
==There is no perfect option for security.== Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.
*Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.*
<div class="row">
<div class="col-12 col-lg-6">
<h2>Further reading</h2>
<ul>
<li><a href="https://en.wikipedia.org/wiki/Threat_model">Wikipedia: Threat model</a></li>
</ul>
</div>
<div class="col-12 col-lg-6">
<h2>Sources</h2>
<ul>
<li><a href="https://ssd.eff.org/en/module/your-security-plan">EFF Surveillance Self Defense: Your Security Plan</a></li>
</ul>
</div>
</div>
### Try it yourself: Protecting your belongings
These questions can apply to a wide variety of situations, online and offline. As a generic demonstration of how these questions work, let's build a plan to keep your house and possessions safe.
**What do you want to protect? (Or, *what do you have that is worth protecting?*)**
: Your assets might include jewelry, electronics, important documents, or photos.
**Who do you want to protect it from?**
: Your adversaries might include burglars, roommates, or guests.
**How likely is it that you will need to protect it?**
: Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?
**How bad are the consequences if you fail?**
: Do you have anything in your house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from your home?
**How much trouble are you willing to go through to prevent these consequences?**
: Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?
Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market, and consider adding a security system.
Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face.
## Further reading
For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations.
- [Common Goals and Threats :material-arrow-right:](common-threats.md)
## Sources
- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan)

86
docs/basics/vpn-overview.en.md Normal file
View File

@ -0,0 +1,86 @@
---
title: VPN Overview
icon: material/vpn
---
Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (ie. modem).
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](/basics/dns.md/#why-shouldnt-i-use-encrypted-dns).
A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it.
## Should I use a VPN?
**Yes**, unless you are already using Tor. A VPN does 2 things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third party service.
VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way.
However, they do hide your actual IP from a third party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking.
## What about encryption?
Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption.
In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf).
## Should I use encrypted DNS with a VPN?
Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third party servers will simply add more entities to trust, and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider.
A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different.
Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit, and would allow the encrypted DNS provider to deanonymize you.
## Should I use Tor *and* a VPN?
By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required).
## What if I need anonymity?
VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
## What about VPN providers that provides Tor nodes?
Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [http3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
Thus, this feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For true anonymity, use the Tor Browser Bundle, TorSocks, or a Tor gateway.
## When are VPNs useful?
A VPN may still be useful to you in a variety of scenarios, such as:
1. Hiding your traffic from **only** your Internet Service Provider.
2. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
3. Hiding your IP from third party websites and services, preventing IP based tracking.
For use cases like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor.
## Sources and Further Reading
1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
2. [The self-contained networks](../self-contained-networks.md) recommended by Privacy Guides are able to replace a VPN that allows access to services on local area network
3. [Slicing Onions: Part 1 Myth-busting Tor](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904) by blacklight447
4. [Slicing Onions: Part 2 Onion recipes; VPN not required](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required) by blacklight447
5. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
6. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
## Related VPN Information
- [The Trouble with VPN and Privacy Review Sites](https://medium.com/privacyguides/the-trouble-with-vpn-and-privacy-review-sites-ae9b29eda8fd)
- [Proxy.sh VPN Provider Sniffed Server Traffic to Catch Hacker](https://torrentfreak.com/proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930/)
- [blackVPN announced to delete connection logs after disconnection](https://medium.com/@blackVPN/no-logs-6d65d95a3016)
- [Don't use LT2P IPSec, use other protocols.](https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa)
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
## VPN Security Breaches
Some examples of why external security auditing is important:
- ["Zero logs" VPN exposes millions of logs including user passwords, claims data is anonymous](https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/) July 2020
- [NordVPN HTTP POST bug exposed customer information, no authentication required](https://www.zdnet.com/article/nordvpn-http-post-bug-exposed-sensitive-customer-information/) March 2020
- [Row erupts over who to blame after NordVPN says: One of our servers was hacked via remote management tool](https://www.theregister.com/2019/10/21/nordvpn_security_issue/) October 2019
- [VPN servers seized by Ukrainian authorities weren't encrypted and allowed authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them](https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/) July 2021
--8<-- "includes/abbreviations.en.md"

231
docs/browsers.en.md
View File

@ -2,7 +2,7 @@
title: "Web Browsers"
icon: octicons/browser-16
---
These are our current web browser recommendations and settings. We recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
These are our currently recommended web browsers and configurations. In general, we recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
## General Recommendations
@ -12,24 +12,29 @@ These are our current web browser recommendations and settings. We recommend kee
![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
**Tor Browser** is the choice if you need anonymity. This browser provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with extensions that can be automatically configured to fit its three security levels - *Standard*, *Safer* and *Safest*. We recommend that you do not change any of Tor Browser's default configurations outside of the standard security levels.
**Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
[Homepage](https://www.torproject.org){ .md-button .md-button--primary } [:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .md-button } [Privacy Policy](https://support.torproject.org/tbb/tbb-3/){ .md-button }
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default security levels.
[:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
[:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
[:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation }
[:octicons-code-16:](https://gitweb.torproject.org/tor-browser.git/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://www.torproject.org/download/)
- [:fontawesome-brands-apple: macOS](https://www.torproject.org/download/)
- [:fontawesome-brands-linux: Linux](https://www.torproject.org/download/)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
- [:fontawesome-brands-git: Source](https://trac.torproject.org/projects/tor)
[:fontawesome-brands-windows:](https://www.torproject.org/download/){ title=Windows }
[:fontawesome-brands-apple:](https://www.torproject.org/download/){ title=macOS }
[:fontawesome-brands-linux:](https://www.torproject.org/download/){ title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/com.github.micahflee.torbrowser-launcher){ title=Flatpak }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.torproject.torbrowser){ title="Google Play" }
[:pg-f-droid:](https://guardianproject.info/fdroid/){ title=F-Droid }
!!! warning
You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Browser extensions make you stand out from other people on the Tor network, and make your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
!!! danger
You should **never** install any additional extensions on Tor Browser, including the ones we suggest for Firefox. Browser extensions make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
## Desktop Browser Recommendations
## Desktop Recommendations
### Firefox
@ -39,22 +44,25 @@ These are our current web browser recommendations and settings. We recommend kee
**Firefox** provides strong privacy settings such as [Enhanced Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop), which can help block various [types of tracking](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks).
[Homepage](https://firefox.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mozilla.org/privacy/firefox){ .md-button }
[:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mozilla.org/privacy/firefox/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://firefox-source-docs.mozilla.org/){ .card-link title=Documentation}
[:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.mozilla.org/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://www.mozilla.org/firefox/windows)
- [:fontawesome-brands-apple: macOS](https://www.mozilla.org/firefox/mac)
- [:fontawesome-brands-linux: Linux](https://www.mozilla.org/firefox/linux)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.firefox)
- [:fontawesome-brands-git: Source](https://hg.mozilla.org/mozilla-central)
[:fontawesome-brands-windows:](https://www.mozilla.org/firefox/windows){ title=Windows }
[:fontawesome-brands-apple:](https://www.mozilla.org/firefox/mac){ title=macOS }
[:fontawesome-brands-linux:](https://www.mozilla.org/firefox/linux){ title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/org.mozilla.firefox){ title=Flatpak }
!!! warning
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
#### Recommended Configuration
Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than Tor will be traceable by *somebody* in some regard or another.
Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
These options can be found in :material-menu: → **Settings****Privacy & Security**.
@ -100,10 +108,6 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
[Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices and protects it with E2EE.
#### Extensions
We generally do not recommend installing any extensions as they increase your attack surface. However, if you want content blocking, [uBlock Origin](#additional-resources) might be useful to you. The extension is also a :trophy: [Recommended Extension](https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions) by Mozilla.
#### Arkenfox (advanced)
The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) are subjectively strict and/or may cause some websites to not work properly - [which you can easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/en-US/kb/containers#w_for-advanced-users) support.
@ -114,68 +118,104 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca
![Brave logo](assets/img/browsers/brave.svg){ align=right }
**Brave** is built upon the Chromium browser, featuring a built in ad blocker and some [privacy features](https://brave.com/privacy-features/) enabled by default.
**Brave Browser** includes a built in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default.
We only recommend Brave as a desktop browser. There are better [alternatives](#mobile-browser-recommendations) on mobile platforms.
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
[Visit Homepage](https://brave.com/){ .md-button .md-button--primary } [Privacy Policy](https://brave.com/privacy/browser/){ .md-button }
We don't recommend Brave's mobile browser offerings as there are better [options](#mobile-recommendations) for mobile platforms.
??? downloads
[:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
[:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
- [:fontawesome-brands-windows: Windows](https://laptop-updates.brave.com/latest/winx64)
- [:fontawesome-brands-apple: macOS](https://laptop-updates.brave.com/latest/osxarm64)
- [:fontawesome-brands-linux: Linux](https://brave.com/linux/#linux)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.brave.Browser)
- [:fontawesome-brands-github: Source](https://github.com/brave/brave-browse)
??? downloads annotate
[:fontawesome-brands-windows:](https://brave.com/download/){ title=Windows }
[:fontawesome-brands-apple:](https://brave.com/download/){ title=macOS }
[:fontawesome-brands-linux:](https://brave.com/linux/){ title=Linux } (1)
1. We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc.
#### Recommended Configuration
Tor Browser is the only way to truly browse the internet anonymously. When you use Brave we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
These options can be found in :material-menu: → **Settings**.
##### Shields
Brave has privacy options such as ad and tracker blocking. It also includes some anti fingerprinting features in the [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) component. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
We recommend setting *Aggressive* which can be found in :material-menu: **Settings****Shields****Trackers & ads blocking**.
Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:
We also suggest changing the fingerprinting blocker to *Strict* in :material-menu: **Settings****Shields****Fingerprint blocking**. You can always downgrade it if you need to on a per-site basis.
<div class="annotate" markdown>
- [x] Select **Aggressive** under Trackers & ads blocking
??? warning "Use default filter lists"
Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
- [x] (Optional) Select **Block Scripts** (1)
- [x] Select **Strict, may break sites** under Block fingerprinting
</div>
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
##### Social media blocking
Disable social media components in :material-menu: **Settings****Social media blocking**.
- [ ] Uncheck all social media components
##### Privacy and Security
There are a few options in here you may want to change:
- Set the [*WebRTC IP Handling Policy*](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) to *Disable Non-Proxied UDP* in :material-menu: **Settings****Privacy and Security**.
- [ ] Select **Disable Non-Proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
- [ ] Uncheck **Use Google services for push messaging**
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
- [ ] Uncheck **Automatically send daily usage ping to Brave**
- Enable *Always use secure connections* in :material-menu: **Settings****Privacy and Security****Security**.
- [x] Select **Always use secure connections** in the **Security** menu
##### Sanitizing on close
!!! important "Sanitizing on Close"
- [x] Select **Clear cookies and site data when you close all windows** in the *Cookies and other site data* menu
Select all items in *Clear browsing data* except for *Site and Shields Settings* in :material-menu: **Settings****Privacy and Security****Clear browsing data****On exit**.
If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis under the *Customized behaviors* section.
##### Extensions
Disable the extensions you do not use in :material-menu: **Settings** **Extensions**
Disable built-in extensions you do not use in **Extensions**
<div class="annotate" markdown>
- [ ] Uncheck **Hangouts**
- [ ] Uncheck **Private window with Tor**
- [ ] Uncheck **Private window with Tor** (1)
- [ ] Uncheck **WebTorrent**
Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](#tor-browser).
</div>
1. Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](#tor-browser).
##### IPFS
InterPlanetary File System (IPFS) is a decentralized peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use it set *Method to resolve IPFS resources* to *Disabled* in :material-menu: **Settings****IPFS**.
InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
##### Background apps
- [ ] Select **Disabled** on Method to resolve IPFS resources
Disable background apps in :material-menu: **Settings****Additional settings****System****Continue running apps when Brave is closed**.
##### Additional settings
## Mobile Browser Recommendations
Under the system *System* menu
Firefox on Android is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
<div class="annotate" markdown>
- [ ] Uncheck **Continue running apps when Brave is closed** to disable background apps (1)
</div>
1. This option is not present on all platforms.
## Mobile Recommendations
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
@ -187,12 +227,17 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
**Bromite** is a Chromium-based browser with privacy and security enhancements, built-in ad blocking, and some fingerprinting randomization.
[Homepage](https://www.bromite.org){ .md-button .md-button--primary } [Privacy Policy](https://www.bromite.org/privacy){ .md-button }
[:octicons-home-16: Homepage](https://www.bromite.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.bromite.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/bromite/bromite/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/bromite/bromite){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/bromite/bromite#donate){ .card-link title=Contribute }
??? downloads
??? downloads annotate
- [:pg-f-droid: F-Droid](https://www.bromite.org/fdroid) ([Neo Store](/android/#neo-store) users can enable the *Bromite repository* in :material-dots-vertical: → **Repositories**)
- [:fontawesome-brands-github: Source](https://github.com/bromite/bromite)
[:pg-f-droid:](https://www.bromite.org/fdroid){ title=F-Droid } (1)
1. If you use [Neo Store](/android/#neo-store), you can enable the *Bromite repository* in:<br> :material-dots-vertical: → **Repositories**
These options can be found in :material-menu: → :gear: **Settings****Privacy and Security**.
@ -218,7 +263,9 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
[Website](https://www.apple.com/safari/){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/data/en/safari/){ .md-button }
[:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
#### Recommended Configuration
@ -234,7 +281,7 @@ This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/track
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
Privacy Report is accessible through the "**aA**" icon in the URL bar.
Privacy Report is accessible via the Page Settings menu (:pg-textformat-size:).
##### Privacy Preserving Ad Measurement
@ -262,16 +309,14 @@ Do note that Private Browsing does not save cookies and website data, so it won'
##### iCloud Sync
While synchronization of Safari History, Tab Groups, and iCloud Tabs uses E2EE, bookmarks sync does [not](https://support.apple.com/en-us/HT202303); they are only encrypted in transit and stored in an encrypted format on Apple's servers. Apple may be able to decrypt and access them.
Synchronization of Safari History, Tab Groups, iCloud Tabs, and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings****Safari****General****Downloads**.
#### Extensions
We generally do not recommend installing [any extensions](https://www.sentinelone.com/blog/inside-safari-extensions-malware-golden-key-user-data/) as they increase your browser's attack surface; however, if you want content blocking, [AdGuard for Safari](#additional-resources) might be useful to you.
## Additional Resources
We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin or AdGuard may prove useful if you value content blocking functionality.
### uBlock Origin
!!! recommendation
@ -280,41 +325,37 @@ We generally do not recommend installing [any extensions](https://www.sentinelon
**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
We suggest enabling all of the [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) under the "Ads," "Privacy," and "Malware domains". The "Annoyances" and "Multipurpose" lists can also be enabled, but they may break some social media functions. The *AdGuard URL Tracking Protection* filter list makes extensions like CleanURLs and NeatURLs redundant.
[Extension Info](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
- [:fontawesome-brands-opera: Opera](https://addons.opera.com/extensions/details/ublock)
- [:fontawesome-brands-github: Source](https://github.com/gorhill/uBlock)
[:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/ublock-origin/){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm){ .card-link title=Chrome }
[:fontawesome-brands-edge:](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak){ .card-link title=Edge }
We also suggest adding the [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt) list and any of the regional lists that might apply to your browsing habits. To add this list, first access settings by clicking on the uBO icon, then the settings icon ( :gear: ). Go to the bottom of the Filter lists pane and place a checkmark next to Import under the Custom section. Paste the URL of the filter list above into the text area that appears below and click "Apply changes".
We suggest leaving the extension in its default configuration. Additional filter lists can impact performance and may increase attack surface, so only apply what you need. If there is a [vulnerability in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) a third party filter could add malicious rules that can potentially steal user data.
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
uBlock Origin also has different [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The easy mode [might not](https://www.ranum.com/security/computer_security/editorials/dumb/) necessarily keep you safe from every tracker out there, whereas the more advanced modes let you control exactly what needs to run.
### AdGuard for Safari
### AdGuard for iOS
!!! recommendation
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
**AdGuard for Safari** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
We suggest enabling the filters labled *#recommended* under the "Ad Blocking" and "Privacy" [content blockers](https://kb.adguard.com/en/safari/overview#content-blockers). The *#recommended* filters can also be enabled for the "Social Widgets" and "Annoyances" content blockers, but they may break some social media functions.
AdGuard for iOS has some premium features, however the standard Safari content blocking is free of charge.
[Website](https://adguard.com/en/adguard-safari/overview.html){ .md-button .md-button--primary } [Privacy Policy](https://adguard.com/en/privacy/safari.html){ .md-button }
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-safari: Safari](https://apps.apple.com/app/adguard-for-safari/id1440147259)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
- [:fontawesome-brands-git: Source](https://github.com/AdguardTeam/AdGuardForSafari)
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/apple-store/id1047223162){ .card-link title="App Store" }
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
@ -327,14 +368,29 @@ There is also [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html
![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
**Snowflake** is a browser extension which allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser. People who are censored can use Snowflake proxies to connect to the Tor network. Installing this extension is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
[Website](https://snowflake.torproject.org/){ .md-button .md-button--primary }
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
The Snowflake browser extension does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy. Their visible browsing IP address will match their Tor exit node, not yours.
[:octicons-home-16: Homepage](https://snowflake.torproject.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitweb.torproject.org/pluggable-transports/snowflake.git/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? downloads
[:fontawesome-brands-firefox:](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie){ .card-link title=Chrome }
[:octicons-browser-16:](https://snowflake.torproject.org/embed){ .card-link title="Web (leave this page open to be a Snowflake proxy)" }
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface.
<center><iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe></center>
### Terms of Service; Didn't Read
!!! recommendation
@ -343,7 +399,10 @@ Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or b
**Terms of Service; Didn't Read** grades websites based on their terms of service agreements and privacy policies. It also gives short summaries of those agreements. The analyses and ratings are published transparently by a community of reviewers.
[Website](https://tosdr.org){ .md-button .md-button--primary } [Privacy Policy](https://addons.mozilla.org/firefox/addon/terms-of-service-didnt-read/privacy){ .md-button }
[:octicons-globe-16: Website](https://tosdr.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://docs.tosdr.org/sp/tosdr.org-Privacy-Policy.89456373.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.tosdr.org/index.html){ .card-link title=Documentation}
[:octicons-heart-16:](https://tosdr.org/donate){ .card-link title=Contribute }
We do not recommend installing ToS;DR as a browser extension; the same information is also provided on their website.

82
docs/calendar-contacts.en.md
View File

@ -17,19 +17,22 @@ These products are included with an subscription with their respective [email pr
**Tutanota** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://tutanota.com/calendar-app-comparison/). Multiple calendars and extended sharing functionality is limited to paid subscribers.
[Website](https://tutanota.com/calendar){ .md-button .md-button--primary } [Privacy Policy](https://tutanota.com/privacy){ .md-button }
[:octicons-home-16: Homepage](https://tutanota.com/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-solid-earth-americas: Web](https://mail.tutanota.com/)
- [:fontawesome-brands-windows: Windows](https://tutanota.com/blog/posts/desktop-clients/)
- [:fontawesome-brands-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/)
- [:fontawesome-brands-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.tutanota.Tutanota)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.tutao.tutanota)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/tutanota/id922429609)
- [:fontawesome-brands-github: Source](https://github.com/tutao/tutanota)
[:octicons-browser-16:](https://mail.tutanota.com/){ .card-link title=Web }
[:fontawesome-brands-windows:](https://tutanota.com/blog/posts/desktop-clients/){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://tutanota.com/blog/posts/desktop-clients/){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://tutanota.com/blog/posts/desktop-clients/){ .card-link title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/com.tutanota.Tutanota){ .card-link title=Flatpak }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=de.tutao.tutanota){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/de.tutao.tutanota){ .card-link title=F-Droid }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/tutanota/id922429609){ .card-link title="App Store" }
### Proton Calendar
@ -37,15 +40,17 @@ These products are included with an subscription with their respective [email pr
![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ align=right }
**Proton Calendar** is an encrypted calendar serivce available to ProtonMail members. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://protonmail.com/support/knowledge-base/proton-calendar-guide/). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. Proton Calendar is currently only available for the web and Android.
**Proton Calendar** is an encrypted calendar serivce available to Proton Mail members. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. Proton Calendar is currently only available for the web and Android.
[Website](https://calendar.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-solid-earth-americas: Web](https://calendar.protonmail.com)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
[:octicons-browser-16:](https://calendar.proton.me){ .card-link title=Web }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=me.proton.android.calendar){ .card-link title="Google Play" }
## Self-hostable
@ -61,15 +66,18 @@ Some of these options are self-hostable, but could be offered by third party Saa
EteSync also offers optional software as a service for [$24 per year](https://dashboard.etebase.com/user/partner/pricing/) to use, or you can host the server yourself for free.
[Website](https://www.etesync.com){ .md-button .md-button--primary } [Privacy Policy](https://www.etesync.com/tos/#privacy){ .md-button }
[:octicons-home-16: Homepage](https://www.etesync.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.etesync.com/tos/#privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.etesync.com/user-guide/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/etesync){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.etesync.com/contribute/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-solid-earth-americas: Client Instructions](https://github.com/etesync/etesync-dav/blob/master/README.md#specific-client-notes-and-instructions)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.etesync.syncadapter)
- [:pg-f-droid: F-Droid](https://f-droid.org/app/com.etesync.syncadapter)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/apple-store/id1489574285)
- [:fontawesome-brands-github: Source](https://github.com/etesync)
[:octicons-device-desktop-16:](https://github.com/etesync/etesync-dav/blob/master/README.md#specific-client-notes-and-instructions){ .card-link title="Client Setup" }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.etesync.syncadapter){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/app/com.etesync.syncadapter){ .card-link title=F-Droid }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/apple-store/id1489574285){ .card-link title="App Store" }
### Nextcloud
@ -79,20 +87,23 @@ Some of these options are self-hostable, but could be offered by third party Saa
**Nextcloud** is a suite of client-server software for creating and using file hosting services. This includes calendar sync via CalDAV and contacts sync via CardDAV. Nextcloud is free and open-source, thereby allowing anyone to install and operate it without charge on a private server.
You can self host Nextcloud or pay for service from a [provider](https://nextcloud.com/signup/).
You can self-host Nextcloud or pay for service from a [provider](https://nextcloud.com/signup/).
[Homepage](https://nextcloud.com/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://nextcloud.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextcloud.com/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
[:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
- [:fontawesome-brands-apple: macOS](https://nextcloud.com/install/#install-clients)
- [:fontawesome-brands-linux: Linux](https://nextcloud.com/install/#install-clients)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.nextcloud.desktopclient.nextcloud)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nextcloud.client)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/nextcloud/id1125420102)
- [:fontawesome-brands-github: Source](https://github.com/nextcloud)
[:fontawesome-brands-windows:](https://nextcloud.com/install/#install-clients){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://nextcloud.com/install/#install-clients){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://nextcloud.com/install/#install-clients){ .card-link title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/com.nextcloud.desktopclient.nextcloud){ .card-link title=Flatpak }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.nextcloud.client){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/com.nextcloud.client){ .card-link title=F-Droid }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/nextcloud/id1125420102){ .card-link title="App Store" }
### DecSync CC
@ -104,11 +115,14 @@ Some of these options are self-hostable, but could be offered by third party Saa
There are [plugins](https://github.com/39aldo39/DecSync#rss) to sync other types of data such as [RSS](news-aggregators.md).
[Project Info](https://github.com/39aldo39/DecSync#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/39aldo39/DecSync){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/39aldo39/DecSync/blob/master/design.md){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/39aldo39/DecSync){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/39aldo39/DecSync#donations){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.decsync.cc)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.decsync.cc)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.decsync.cc){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/org.decsync.cc){ .card-link title=F-Droid }
--8<-- "includes/abbreviations.en.md"

69
docs/cloud.en.md
View File

@ -2,9 +2,9 @@
title: "Cloud Storage"
icon: material/file-cloud
---
If you are currently using a Cloud Storage Service like Dropbox, Google Drive, Microsoft OneDrive, or Apple iCloud, you are putting complete trust in your service provider to not look at your files.
Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE.
Eliminate the need for trust in your provider by using an alternative below that supports E2EE.
If these alternatives do not fit your needs, we suggest you look into [Encryption Software](encryption.md).
## Nextcloud
@ -14,24 +14,27 @@ Eliminate the need for trust in your provider by using an alternative below that
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. It also comes with experimental E2EE.
[Homepage](https://nextcloud.com){ .md-button .md-button--primary } [Privacy Policy](https://nextcloud.com/privacy){ .md-button }
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
[:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
- [:fontawesome-brands-apple: macOS](https://nextcloud.com/install/#install-clients)
- [:fontawesome-brands-linux: Linux](https://nextcloud.com/install/#install-clients)
- [:fontawesome-brands-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud)
- [:pg-openbsd: OpenBSD](https://openports.se/www/nextcloud)
- [:pg-netbsd: NetBSD](https://pkgsrc.se/www/php-nextcloud)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nextcloud.client)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1125420102)
- [:fontawesome-brands-github: Source](https://github.com/nextcloud)
[:fontawesome-brands-windows:](https://nextcloud.com/install/#install-clients){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://nextcloud.com/install/#install-clients){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://nextcloud.com/install/#install-clients){ .card-link title=Linux }
[:fontawesome-brands-freebsd:](https://www.freshports.org/www/nextcloud){ .card-link title=FreeBSD }
[:pg-openbsd:](https://openports.se/www/nextcloud){ .card-link title=OpenBSD }
[:pg-netbsd:](https://pkgsrc.se/www/php-nextcloud){ .card-link title=NetBSD }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.nextcloud.client){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/com.nextcloud.client){ .card-link title=F-Droid }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1125420102){ .card-link title=App Store }
We recommend checking if your Nextcloud provider supports E2EE, otherwise you have to trust the provider to not look at your files.
When self hosting Nextcloud, you should also enable E2EE to protect against your hosting provider snooping on your data.
When self-hosting Nextcloud, you should also enable E2EE to protect against your hosting provider snooping on your data.
## Proton Drive
@ -39,17 +42,16 @@ When self hosting Nextcloud, you should also enable E2EE to protect against your
![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
**Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [ProtonMail](https://protonmail.com).
**Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail).
[Website](https://drive.protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
??? downloads
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
Proton Drive is currently in beta and only is only available through a web client.
When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](threat-modeling.md), consider using an alternative.
When using a web client, you are placing trust in the server to send you proper JavaScript code to derive the decryption key and authentication token locally in your browser. A compromised server can send you malicious JavaScript code to steal your master password and decrypt your data. If this does not fit your [threat model](basics/threat-modeling.md), consider using an alternative.
## Cryptee
@ -58,13 +60,12 @@ When using a web client, you are placing trust in the server to send you proper
![Cryptee logo](./assets/img/cloud/cryptee.svg#only-light){ align=right }
![Cryptee logo](./assets/img/cloud/cryptee-dark.svg#only-dark){ align=right }
**Cryptee** is an encrypted, secure photo storage service, and an encrypted documents editor.
**Cryptee** is a web-based, encrypted, secure photo storage service and documents editor.
[Website](https://crypt.ee){ .md-button .md-button--primary } [Privacy Policy](https://crypt.ee/privacy){ .md-button }
??? downloads
- [:fontawesome-brands-github: Source](https://github.com/cryptee/web-client)
[:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary }
[:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" }
## Tahoe-LAFS
@ -80,14 +81,16 @@ When using a web client, you are placing trust in the server to send you proper
**Tahoe-LAFS** is a free, open, and decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security. The servers used as storage pools do not have access to your data.
[Homepage](https://www.tahoe-lafs.org){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://www.tahoe-lafs.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://tahoe-lafs.readthedocs.io/en/latest/){ .card-link title=Documentation}
[:octicons-code-16:](https://www.tahoe-lafs.org/trac/tahoe-lafs/browser){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tahoe-lafs.readthedocs.io/en/latest/donations.html){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://github.com/tahoe-lafs/tahoe-lafs#via-pip)
- [:fontawesome-brands-apple: macOS](https://github.com/tahoe-lafs/tahoe-lafs#via-pip)
- [:fontawesome-brands-linux: Linux](https://github.com/tahoe-lafs/tahoe-lafs#using-os-packages)
- [:pg-netbsd: NetBSD](https://pkgsrc.se/filesystems/tahoe-lafs)
- [:fontawesome-brands-git: Source](https://www.tahoe-lafs.org/trac/tahoe-lafs/browser)
[:fontawesome-brands-windows:](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#microsoft-windows){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos){ .card-link title=Linux }
[:pg-netbsd:](https://tahoe-lafs.readthedocs.io/en/latest/Installation/install-tahoe.html#linux-bsd-or-macos){ .card-link title=NetBSD }
--8<-- "includes/abbreviations.en.md"

80
docs/dns.en.md
View File

@ -7,7 +7,7 @@ icon: material/dns
Encrypted DNS with third party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
[Learn more about DNS](technology/dns.md){ .md-button }
[Learn more about DNS](basics/dns.md){ .md-button }
## Recommended Providers
@ -15,23 +15,22 @@ icon: material/dns
| ------------ | -------------- | --------- | ------- | --- | --------- |
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS)
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH <br> DoT | Some[^2] | No | Based on server choice.|
| [**MullvadDNS**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^5] | Optional | Based on server choice. |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^3] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock)
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Optional[^4] | Optional | Based on server choice. |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^5] | Optional | Based on server choice, Malware blocking by default. |
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
[^3]: Neither ControlD's free nor premium plans have logging enabled by default. Premium subscribers can enable logging/analytics at will. [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)
[^3]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^4]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^5]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)
The criteria for the servers listed above are:
- Must support [DNSSEC](technology/dns.md#what-is-dnssec-and-when-is-it-used)
- Must support [DNSSEC](basics/dns.md#what-is-dnssec)
- Must have [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support
- [QNAME Minimization](technology/dns.md#what-is-qname-minimization)
- Allow for [ECS](technology/dns.md#what-is-edns-client-subnet-ecs) to be disabled
- [QNAME Minimization](basics/dns.md#what-is-qname-minimization)
- Allow for [ECS](basics/dns.md#what-is-edns-client-subnet-ecs) to be disabled
## Native Operating System Support
@ -73,7 +72,7 @@ Select **Settings** &rarr; **Network & Internet** &rarr; **Ethernet or WiFi**, &
## Encrypted DNS Proxies
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](technology/dns.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](technology/dns.md#what-is-encrypted-dns).
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](basics/dns.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](basics/dns.md#what-is-encrypted-dns).
### RethinkDNS
@ -82,15 +81,17 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right }
![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }
**RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](technology/dns.md#dns-over-https-doh), [DNS-over-TLS](technology/dns.md#dns-over-tls-dot), [DNSCrypt](technology/dns.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too.
**RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](basics/dns.md#dns-over-https-doh), [DNS-over-TLS](basics/dns.md#dns-over-tls-dot), [DNSCrypt](basics/dns.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too.
[Website](https://rethinkdns.com){ .md-button .md-button--primary } [Privacy Policy](https://rethinkdns.com/privacy){ .md-button }
[:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.celzero.bravedns)
- [:fontawesome-brands-github: Source](https://github.com/celzero/rethink-app)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.celzero.bravedns){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/com.celzero.bravedns){ .card-link title=F-Droid }
### DNSCloak
@ -98,14 +99,15 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
![DNSCloak logo](assets/img/ios/dnscloak.png){ align=right }
**DNSCloak** is an open-source iOS client supporting [DNS-over-HTTPS](technology/dns.md#dns-over-https-doh), [DNSCrypt](technology/dns.md#dnscrypt), and [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) options such as caching DNS responses, locally logging DNS queries, and custom block lists. You can [add custom resolvers by DNS stamp](https://medium.com/privacyguides/adding-custom-dns-over-https-resolvers-to-dnscloak-20ff5845f4b5).
**DNSCloak** is an open-source iOS client supporting [DNS-over-HTTPS](basics/dns.md#dns-over-https-doh), [DNSCrypt](basics/dns.md#dnscrypt), and [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) options such as caching DNS responses, locally logging DNS queries, and custom block lists. You can [add custom resolvers by DNS stamp](https://medium.com/privacyguides/adding-custom-dns-over-https-resolvers-to-dnscloak-20ff5845f4b5).
[Project Info](https://github.com/s-s/dnscloak/blob/master/README.md){ .md-button .md-button--primary } [Privacy Policy](https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view){ .md-button }
[:octicons-repo-16: Repository](https://github.com/s-s/dnscloak){ .md-button .md-button--primary }
[:octicons-eye-16:](https://drive.google.com/file/d/1050No_pU74CAWUS5-BwQWyO2x_aiMzWc/view){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://github.com/s-s/dnscloak){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1452162351)
- [:fontawesome-brands-github: Source](https://github.com/s-s/dnscloak)
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1452162351){ .card-link title="App Store" }
### dnscrypt-proxy
@ -113,17 +115,37 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te
![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right }
**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](technology/dns.md#dnscrypt), [DNS-over-HTTPS](technology/dns.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](basics/dns.md#dnscrypt), [DNS-over-HTTPS](basics/dns.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
!!! warning "The anonymized DNS feature does [**not**](technology/dns.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic."
!!! warning "The anonymized DNS feature does [**not**](basics/dns.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic."
[Wiki](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .md-button .md-button--primary } [Privacy Policy](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .md-button }
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
- [:fontawesome-brands-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
- [:fontawesome-brands-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
- [:fontawesome-brands-github: Source](https://github.com/DNSCrypt/dnscrypt-proxy)
[:fontawesome-brands-windows:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux){ .card-link title=Linux }
## Self-hosted Solutions
### Pi-hole
!!! recommendation
![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
**Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements.
Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
[:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
--8<-- "includes/abbreviations.en.md"

101
docs/email-clients.en.md
View File

@ -7,7 +7,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
??? Attention "Email does not provide forward secrecy"
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email.
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](email.md#email-encryption-overview). Consider using a medium that provides forward secrecy:
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](basics/email-security.md). Consider using a medium that provides forward secrecy:
[Real-time Communication](real-time-communication.md){ .md-button }
@ -19,15 +19,17 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Thunderbird** is a free, open source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by the Thunderbird community, and previously by the Mozilla Foundation.
[Homepage](https://www.thunderbird.net){ .md-button .md-button--primary } [Privacy Policy](https://www.mozilla.org/privacy/thunderbird){ .md-button }
[:octicons-home-16: Homepage](https://www.thunderbird.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mozilla.org/privacy/thunderbird){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mozilla.org/products/thunderbird){ .card-link title=Documentation}
[:octicons-code-16:](https://hg.mozilla.org/comm-central){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-windows: Windows](https://www.thunderbird.net)
- [:fontawesome-brands-apple: macOS](https://www.thunderbird.net)
- [:fontawesome-brands-linux: Linux](https://www.thunderbird.net)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.mozilla.Thunderbird)
- [:fontawesome-brands-git: Source](https://hg.mozilla.org/comm-central)
[:fontawesome-brands-windows:](https://www.thunderbird.net){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://www.thunderbird.net){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://www.thunderbird.net){ .card-link title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/org.mozilla.Thunderbird){ .card-link title=Flatpak }
## Apple Mail
@ -41,7 +43,9 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](/encryption/#gpg-suite), which adds the ability to send encrypted email.
[Website](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/en-ww/){ .md-button }
[:octicons-home-16: Homepage](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.apple.com/legal/privacy/en-ww/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.apple.com/guide/mail/toc){ .card-link title=Documentation}
## GNOME Evolution
@ -51,12 +55,15 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable/) to help you get started.
[Website](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary } [Privacy Policy](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .md-button }
[:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary }
[:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.gnome.org/users/evolution/stable/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.gnome.org/donate/){ .card-link title=Contribute }
??? downloads
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gnome.Evolution)
- [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/GNOME/evolution)
[:pg-flathub:](https://flathub.org/apps/details/org.gnome.Evolution){ .card-link title=Flatpak }
## Kontact
@ -66,13 +73,16 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, organizer and RSS client.
[Website](https://kontact.kde.org){ .md-button .md-button--primary } [Privacy Policy](https://kde.org/privacypolicy-apps){ .md-button }
[:octicons-home-16: Homepage](https://kontact.kde.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kontact.kde.org/users/){ .card-link title=Documentation}
[:octicons-code-16:](https://invent.kde.org/pim/kmail){ .card-link title="Source Code" }
[:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-linux: Linux](https://kontact.kde.org/download)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.kontact)
- [:fontawesome-brands-git: Source](https://invent.kde.org/pim/kmail)
[:fontawesome-brands-linux:](https://kontact.kde.org/download){ .card-link title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/org.kde.kontact){ .card-link title=Flatpak }
## Mailvelope
@ -82,14 +92,16 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.
[Homepage](https://www.mailvelope.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mailvelope.com/en/privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://www.mailvelope.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mailvelope.com/en/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://mailvelope.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mailvelope/mailvelope){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/mailvelope)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
- [:fontawesome-brands-github: Source](https://github.com/mailvelope/mailvelope)
[:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/mailvelope){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke){ .card-link title=Chrome }
[:fontawesome-brands-edge:](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc){ .card-link title=Edge }
## K-9 Mail
@ -99,13 +111,17 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**K-9 Mail** is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP.
[Homepage](https://k9mail.app){ .md-button .md-button--primary } [Privacy Policy](https://k9mail.app/privacy){ .md-button }
[:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.k9mail.app/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/k9mail/k-9){ .card-link title="Source Code" }
[:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.fsck.k9)
- [:fontawesome-brands-github: Source](https://github.com/k9mail)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.fsck.k9){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/com.fsck.k9){ .card-link title=F-Droid }
[:fontawesome-brands-github:](https://github.com/k9mail/k-9/releases){ .card-link title=GitHub }
## FairEmail
@ -115,13 +131,16 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**FairEmail** is a minimal, open source email app, using open standards (IMAP, SMTP, OpenPGP) with a low data and battery usage.
[Homepage](https://email.faircode.eu){ .md-button .md-button--primary } [Privacy Policy](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .md-button }
[:octicons-home-16: Homepage](https://email.faircode.eu){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/M66B/FairEmail/blob/master/FAQ.md){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/M66B/FairEmail){ .card-link title="Source Code" }
[:octicons-heart-16:](https://email.faircode.eu/donate/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=eu.faircode.email)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/eu.faircode.email/)
- [:fontawesome-brands-github: Source](https://github.com/M66B/FairEmail)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=eu.faircode.email){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/eu.faircode.email/){ .card-link title=F-Droid }
## Canary Mail
@ -131,20 +150,22 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
**Canary Mail** is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock.
[Homepage](https://canarymail.io){ .md-button .md-button--primary } [Privacy Policy](https://canarymail.io/privacy.html){ .md-button }
[:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://canarymail.zendesk.com/){ .card-link title=Documentation}
??? downloads
- [:fontawesome-brands-windows: Windows](https://download.canarymail.io/get_windows)
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/id1236045954)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1236045954)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android)
[:fontawesome-brands-app-store:](https://apps.apple.com/app/id1236045954){ .card-link title="Mac App Store" }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1236045954){ .card-link title="App Store" }
[:fontawesome-brands-windows:](https://canarymail.io/downloads.html){ .card-link title=Windows }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=io.canarymail.android){ .card-link title="Google Play" }
!!! attention
Canary Mail only recently released a Windows and Android client, we don't believe they are as stable as their iOS and Mac counterparts.
Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts.
Canary Mail is closed source. We recommend it, due to the few choices there are for email clients on iOS that support PGP E2EE.
Canary Mail is closed source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE.
## NeoMutt
@ -156,12 +177,14 @@ Canary Mail is closed source. We recommend it, due to the few choices there are
NeoMutt is a text-based client that has a steep learning curve. It is however, very customizable.
[Homepage](https://neomutt.org){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://neomutt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://neomutt.org/guide/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/neomutt/neomutt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.paypal.com/paypalme/russon/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-linux: Linux](https://neomutt.org/distro)
- [:fontawesome-brands-apple: macOS](https://neomutt.org/distro)
- [:fontawesome-brands-github: Source](https://github.com/neomutt/neomutt)
[:fontawesome-brands-linux:](https://neomutt.org/distro){ .card-link title=Linux }
[:fontawesome-brands-apple:](https://neomutt.org/distro){ .card-link title=macOS }
--8<-- "includes/abbreviations.en.md"

233
docs/email.en.md
View File

@ -16,47 +16,53 @@ For everything else, we recommend a variety of email providers based on sustaina
## Recommended Email Providers
### ProtonMail
### Proton Mail
!!! recommendation
![ProtonMail logo](assets/img/email/protonmail.svg){ align=right }
![Proton Mail logo](assets/img/email/protonmail.svg){ align=right }
**ProtonMail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. ProtonMail is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
Free accounts have some limitations, such as not being able to search body text and not having access to [ProtonMail Bridge](https://protonmail.com/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts are available starting at **€48/y** which include features like ProtonMail Bridge, additional storage, and custom domain support.
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts are available starting at **€48/y** which include features like Proton Mail Bridge, additional storage, and custom domain support.
With the [transition to Proton.me](https://proton.me/news/updated-proton), paid plans have changed. Existing users before the 25 May 2022 will get to keep their [existing plan](https://proton.me/support/upgrading-to-new-proton-plan) pricing.
**Free**
[Website](https://protonmail.com){ .md-button .md-button--primary } [Privacy Policy](https://protonmail.com/privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:pg-tor:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title=Onion }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" }
??? check "Custom Domains and Aliases"
Paid ProtonMail subscribers can use their own domain with the service. [Catch-all](https://protonmail.com/support/knowledge-base/catch-all/) addresses are supported with custom domains for Professional and Visionary plans. ProtonMail also supports [subaddressing](https://protonmail.com/support/knowledge-base/creating-aliases/), which is useful for people who don't want to purchase a domain.
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
??? check "Private Payment Methods"
ProtonMail accepts Bitcoin in addition to accepting credit/debit cards and PayPal.
Proton Mail accepts Bitcoin in addition to accepting credit/debit cards and PayPal.
??? check "Account Security"
ProtonMail supports TOTP [two factor authentication](https://protonmail.com/support/knowledge-base/two-factor-authentication/) only. The use of a U2F security key is not yet supported. ProtonMail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
??? check "Data Security"
ProtonMail has [zero access encryption](https://protonmail.com/blog/zero-access-encryption) at rest for your emails, [address book contacts](https://protonmail.com/blog/encrypted-contacts-manager), and [calendars](https://protonmail.com/blog/protoncalendar-security-model). This means the messages and other data stored in your account are only readable by you.
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
??? check "Email Encryption"
ProtonMail has [integrated OpenPGP encryption](https://protonmail.com/support/knowledge-base/how-to-use-pgp) in their webmail. Emails to other ProtonMail accounts are encrypted automatically, and encryption to non-ProtonMail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-ProtonMail addresses](https://protonmail.com/support/knowledge-base/encrypt-for-outside-users) without the need for them to sign up for a ProtonMail account or use software like OpenPGP.
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
ProtonMail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use ProtonMail to find the OpenPGP keys of ProtonMail accounts easily, for cross-provider E2EE.
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
??? info "Additional Functionality"
ProtonMail's login and services are accessible over Tor, [protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/)
ProtonMail offers a "Visionary" account for €24/Month, which also enables access to ProtonVPN in addition to providing multiple accounts, domains, aliases, and extra storage.
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
### Mailbox.org
@ -68,7 +74,9 @@ For everything else, we recommend a variety of email providers based on sustaina
**EUR €12/year**
[Website](https://mailbox.org){ .md-button .md-button--primary } [Privacy Policy](https://mailbox.org/en/data-protection-privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation}
??? check "Custom Domains and Aliases"
@ -100,45 +108,6 @@ For everything else, we recommend a variety of email providers based on sustaina
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
### Disroot
!!! recommendation
![Disroot logo](assets/img/email/disroot.svg#only-light){ align=right }
![Disroot logo](assets/img/email/disroot-dark.svg#only-dark){ align=right }
**Disroot** offers email amongst [other services](https://disroot.org/en/#services). The service is maintained by volunteers and its community. They have been in operation since 2015. Disroot is based in Amsterdam. Disroot is free and uses open source software such as Rainloop to provide service. You can support the service through donations and buying extra storage. The mailbox limit is 1 GB, but extra storage can be purchased 0.15€ per GB per month paid yearly.
**Free**
[Website](https://disroot.org){ .md-button .md-button--primary } [Privacy Policy](https://disroot.org/en/privacy_policy){ .md-button }
??? check "Custom Domains and Aliases"
Disroot lets you use your own domain. They have aliases, however you must [manually apply](https://disroot.org/en/forms/alias-request-form) for them.
??? check "Private Payment Methods"
Disroot accepts Bitcoin and Faircoin as payment methods. They also accept PayPal, direct bank deposit, and Patreon payments. Disroot is a not-for-profit organization that also accepts donations through Liberapay, Flattr, and Monero, but these payment methods cannot be used to purchase services.
??? check "Account Security"
Disroot supports TOTP two factor authentication for webmail only. They do not allow U2F security key authentication.
??? warning "Data Security"
Disroot uses FDE. However, it doesn't appear to be "zero access", meaning it is technically possible for them to decrypt the data they have if it is not additionally encrypted with a tool like OpenPGP.
Disroot also uses the standard [CalDAV](https://en.wikipedia.org/wiki/CalDAV) and [CardDAV](https://en.wikipedia.org/wiki/CardDAV) protocols for calendars and contacts, which do not support E2EE. A [standalone option](calendar-contacts.md) may be more appropriate.
??? check "Email Encryption"
Disroot allows for encrypted emails to be sent from their webmail application using OpenPGP. However, Disroot has not integrated a Web Key Directory (WKD) for email accounts on their platform.
??? info "Additional Functionality"
They offer [other services](https://disroot.org/en/#services) such as NextCloud, XMPP Chat, Etherpad, Ethercalc, Pastebin, Online polls and a Gitea instance. They also have an app [available in F-Droid](https://f-droid.org/packages/org.disroot.disrootapp/).
### Tutanota
!!! recommendation
@ -150,7 +119,11 @@ For everything else, we recommend a variety of email providers based on sustaina
**Free**
[Website](https://tutanota.com){ .md-button .md-button--primary } [Privacy Policy](https://tutanota.com/privacy){ .md-button }
[:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute }
Tutanota [doesn't allow](https://tutanota.com/faq/#imap) the use of third-party [email clients](email-clients.md). Tutanota has no plans pull email from [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) using the IMAP protocol. [Email import](https://github.com/tutao/tutanota/issues/630) is currently not possible.
@ -197,7 +170,9 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
**USD $59.95/year**
[Website](https://startmail.com/){ .md-button .md-button--primary } [Privacy Policy](https://www.startmail.com/en/privacy/){ .md-button }
[:octicons-home-16: Homepage](https://startmail.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation}
??? check "Custom Domains and Aliases"
@ -252,21 +227,23 @@ Using an aliasing service requires trusting both your email provider and your al
![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
**[SimpleLogin](https://simplelogin.io)** (now owned by ProtonMail) is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
**[SimpleLogin](https://simplelogin.io)** is a free service which provides email aliases on a variety of shared domain names, and optionally provides features like unlimited aliases and custom domains for $30/year. [Source code on GitHub](https://github.com/simple-login/app).
[Website](https://simplelogin.io){ .md-button .md-button--primary } [Privacy Policy](https://simplelogin.io/privacy/){ .md-button }
[:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:fontawesome-brands-safari: Safari](https://apps.apple.com/app/id1494051017)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1494359858)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/io.simplelogin.android.fdroid/)
- [:fontawesome-brands-github: Source](https://github.com/simple-login)
[:fontawesome-brands-firefox:](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn){ .card-link title=Chrome }
[:fontawesome-brands-edge:](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff){ .card-link title=Edge }
[:fontawesome-brands-safari:](https://apps.apple.com/app/id1494051017){ .card-link title=Safari }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1494359858){ .card-link title="App Store" }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=io.simplelogin.android){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/io.simplelogin.android.fdroid/){ .card-link title=F-Droid }
SimpleLogin [is owned by ProtonMail](https://protonmail.com/blog/proton-and-simplelogin-join-forces/) as of April 8, 2022. If you use ProtonMail for your primary mailbox, this makes SimpleLogin a great choice: You now only have to trust a single email provider and SimpleLogin will be more tightly integrated with ProtonMail's offerings in the future. Nonetheless, SimpleLogin continues to support forwarding to any email provider of your chosing.
SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing.
Notable free features:
@ -283,14 +260,16 @@ Notable free features:
**[AnonAddy](https://anonaddy.com)** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. It has two premium plans at $12/year and $36/year which provide additional features. [Source code on GitHub](https://github.com/anonaddy/anonaddy).
[Website](https://anonaddy.com){ .md-button .md-button--primary } [Privacy Policy](https://anonaddy.com/privacy/){ .md-button }
[:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe)
- [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
- [:fontawesome-brands-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
- [:fontawesome-brands-github: Source](https://github.com/anonaddy)
[:fontawesome-brands-firefox:](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe){ .card-link title=Chrome }
[:material-apple-ios:](https://anonaddy.com/faq/#is-there-an-ios-app){ .card-link title=iOS }
[:fontawesome-brands-android:](https://anonaddy.com/faq/#is-there-an-android-app){ .card-link title=Android }
The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/month plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
@ -314,13 +293,22 @@ Advanced system administrators may consider setting up their own email server. M
![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
**[Mail-in-a-Box](https://mailinabox.email)** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
**Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
[:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
!!! recommendation
![Mailcow logo](assets/img/email/mailcow.svg){ align=right }
**[Mailcow](https://mailcow.email)** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mailserver with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. **[Mailcow Dockerized docs](https://mailcow.github.io/mailcow-dockerized-docs/)**
**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mailserver with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.
[:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute }
For a more manual approach we've picked out these two articles.
@ -331,35 +319,22 @@ For a more manual approach we've picked out these two articles.
**Please note we are not affiliated with any of the providers we recommend.** This allows us to provide completely objective recommendations. We have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
### Jurisdiction
Operating outside the five/nine/fourteen-eyes countries is not necessarily a guarantee of privacy, and there are other factors to consider.
**Minimum to Qualify:**
- Operating outside the USA or other Five Eyes countries.
**Best Case:**
- Operating outside the USA or other Fourteen Eyes countries.
- Operating inside a country with strong consumer protection laws.
### Technology
We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require.
**Minimum to Qualify:**
- Encrypts account data at rest.
- Integrated webmail encryption provides convenience to those who want an improvement on having no E2EE.
- Encrypts email account data at rest with zero-access encryption.
- Integrated webmail E2EE/PGP encryption provided as a convenience.
**Best Case:**
- Encrypts account data at rest with zero-access encryption.
- Allow you to use your own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important, because they allow you to maintain your agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy, etc.
- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP.
You can get a key by typing: `gpg --locate-key example_user@example.com`
- Support for a temporary mailbox for outside accounts. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
- Encrypts all account data (Contacts, Calendars etc) at rest with zero-access encryption.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy etc.
- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP.
GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com`
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion).
- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support.
- Catch-all or alias functionality for those who own their own domains.
@ -374,6 +349,7 @@ We prefer our recommended providers to collect as little data as possible.
- Protect sender's IP address. Filter it from showing in the `Received` header field.
- Don't require personally identifiable information (PII) besides username and password.
- Privacy policy that meets the requirements defined by the GDPR
- Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/).
**Best Case:**
@ -396,9 +372,8 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/).
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
- Website security standards such as:
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
- [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains.
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
- [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains.
**Best Case:**
@ -408,9 +383,8 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
- Website security standards such as:
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
- [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct)
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
- [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct)
### Trust
@ -431,7 +405,7 @@ With the email providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
- Must self host analytics (no Google Analytics etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out.
- Must self-host analytics (no Google Analytics etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out.
Must not have any marketing which is irresponsible:
@ -449,58 +423,5 @@ Must not have any marketing which is irresponsible:
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
## Email Encryption Overview
### What is end-to-end encryption (E2EE) in email?
E2EE is a way of encrypting email contents so that nobody but the recipient(s) can read the email message.
### How can I encrypt my email?
The standard way to do email E2EE and have it work between different email providers is with OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org).
There is another standard that was popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480).
### What software can I use to get E2EE?
Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](email-clients.md). This can be less secure as you are now relying on email providers to ensure that their encryption implementation works and has not been compromised in anyway.
### How do I protect my private keys?
A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
### Who can see the email metadata?
Email metadata is able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients. Sometimes email servers will also use external parties to protect against spam.
### What is email metadata?
Email software will often show some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`.
### When is email metadata used?
Client software may use it to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent.
### Where is the email metadata?
Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message.
### Why can't email metadata be E2EE?
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally and is also optional, therefore, only the message content is protected.
### How is my metadata protected?
When emails travel between email providers an encrypted connection is negotiated using [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS). This protects the metadata from outside observers, but as it is not E2EE, server administrators can snoop on the metadata of an email.
## Additional Reading
- [An NFC PGP SmartCard For Android](https://www.grepular.com/An_NFC_PGP_SmartCard_For_Android)
- [Aging 'Privacy' Law Leaves Cloud E-Mail Open to Cops (2011)](https://www.wired.com/2011/10/ecpa-turns-twenty-five/)
- [The Government Can (Still) Read Most Of Your Emails Without A Warrant (2013)](https://thinkprogress.org/the-government-can-still-read-most-of-your-emails-without-a-warrant-322fe6defc7b/)
--8<-- "includes/abbreviations.en.md"

128
docs/encryption.en.md
View File

@ -17,14 +17,16 @@ The options listed here are multi-platform and great for creating encrypted back
**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.
[Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://www.veracrypt.fr/en/Downloads.html)
- [:fontawesome-brands-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- [:fontawesome-brands-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
- [:fontawesome-brands-git: Source](https://www.veracrypt.fr/code)
[:fontawesome-brands-windows:](https://www.veracrypt.fr/en/Downloads.html){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://www.veracrypt.fr/en/Downloads.html){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://www.veracrypt.fr/en/Downloads.html){ .card-link title=Linux }
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
@ -40,18 +42,21 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider.
[Homepage](https://cryptomator.org){ .md-button .md-button--primary } [Privacy Policy](https://cryptomator.org/privacy){ .md-button }
[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://cryptomator.org/downloads)
- [:fontawesome-brands-apple: macOS](https://cryptomator.org/downloads)
- [:fontawesome-brands-linux: Linux](https://cryptomator.org/downloads)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- [:pg-f-droid: F-Droid](https://cryptomator.org/android)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- [:fontawesome-brands-github: Source](https://github.com/cryptomator)
[:fontawesome-brands-windows:](https://cryptomator.org/downloads){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://cryptomator.org/downloads){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://cryptomator.org/downloads){ .card-link title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/org.cryptomator.Cryptomator){ .card-link title=Flatpak }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.cryptomator){ .card-link title="Google Play" }
[:fontawesome-brands-android:](https://cryptomator.org/android){ .card-link title=Android }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/cryptomator-2/id1560822163){ .card-link title="App Store" }
Cryptomator utilizes AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt some metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
@ -67,14 +72,15 @@ Cryptomator's documentation details its intended [security target](https://docs.
**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
[Project Info](https://github.com/HACKERALERT/Picocrypt#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- [:fontawesome-brands-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- [:fontawesome-brands-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
- [:fontawesome-brands-github: Source](https://github.com/HACKERALERT/Picocrypt)
[:fontawesome-brands-windows:](https://github.com/HACKERALERT/Picocrypt/releases){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://github.com/HACKERALERT/Picocrypt/releases){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://github.com/HACKERALERT/Picocrypt/releases){ .card-link title=Linux }
## OS Full Disk Encryption
@ -88,7 +94,7 @@ Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryp
**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
[Overview](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise, and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
@ -133,7 +139,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
[Article](https://support.apple.com/en-us/HT204837){ .md-button .md-button--primary }
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
We recommend storing a local recovery key in a secure place as opposed to utilizing iCloud FileVault recovery. As well, FileVault should be enabled **after** a complete macOS installation as more pseudorandom number generator ([PRNG](https://support.apple.com/guide/security/random-number-generation-seca0c73a75b/web)) [entropy](https://en.wikipedia.org/wiki/Entropy_(computing)) will be available.
@ -145,7 +151,9 @@ We recommend storing a local recovery key in a secure place as opposed to utiliz
**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
[Project Wiki](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
??? example "Creating and opening encrypted containers"
@ -182,15 +190,15 @@ Browser-based encryption can be useful when you need to encrypt a file but canno
**Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies.
[Homepage](https://hat.sh){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-github: Source](https://github.com/sh-dv/hat.sh)
[:octicons-globe-16: Website](https://hat.sh){ .md-button .md-button--primary }
[:octicons-eye-16:](https://hat.sh/about/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://hat.sh/about/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" }
:octicons-heart-16:{ .card-link title="Donations methods can be found at the bottom of the website" }
## Command-line
Tools with command-line interfaces are useful for intergrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script).
Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script).
### Kryptor
@ -200,14 +208,17 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h
**Kryptor** is a free and open source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
[Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } [Privacy Policy](https://www.kryptor.co.uk/features#privacy){ .md-button }
[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://www.kryptor.co.uk)
- [:fontawesome-brands-apple: macOS](https://www.kryptor.co.uk)
- [:fontawesome-brands-linux: Linux](https://www.kryptor.co.uk)
- [:fontawesome-brands-github: Source](https://github.com/samuel-lucas6/Kryptor)
[:fontawesome-brands-windows:](https://www.kryptor.co.uk){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://www.kryptor.co.uk){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://www.kryptor.co.uk){ .card-link title=Linux }
### Tomb
@ -217,11 +228,10 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h
**Tomb** is an is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
[Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-github: Source](https://github.com/dyne/Tomb)
[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
## OpenPGP
@ -245,15 +255,17 @@ When encrypting with PGP, you have the option to configure different options in
**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
[Homepage](https://gnupg.org){ .md-button .md-button--primary } [Privacy Policy](https://gnupg.org/privacy-policy.html){ .md-button }
[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
- [:fontawesome-brands-apple: macOS](https://gpgtools.org)
- [:fontawesome-brands-linux: Linux](https://gnupg.org/download/index.html#binary)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- [:fontawesome-brands-git: Source](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git)
[:fontawesome-brands-windows:](https://gpg4win.org/download.html){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://gpgtools.org){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://gnupg.org/download/index.html#binary){ .card-link title=Linux }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain){ .card-link title="Google Play" }
### GPG4win
@ -263,12 +275,15 @@ When encrypting with PGP, you have the option to configure different options in
**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
[Homepage](https://gpg4win.org){ .md-button .md-button--primary } [Privacy Policy](https://gpg4win.org/privacy-policy.html){ .md-button }
[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://gpg4win.org/download.html)
- [:fontawesome-brands-git: Source](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary)
[:fontawesome-brands-windows:](https://gpg4win.org/download.html){ .card-link title=Windows }
### GPG Suite
@ -284,12 +299,14 @@ When encrypting with PGP, you have the option to configure different options in
We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
[Homepage](https://gpgtools.org){ .md-button .md-button--primary } [Privacy Policy](https://gpgtools.org/privacy){ .md-button }
[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-apple: macOS](https://gpgtools.org)
- [:fontawesome-brands-git: Source](https://github.com/GPGTools)
[:fontawesome-brands-apple:](https://gpgtools.org){ .card-link title=macOS }
### OpenKeychain
@ -299,12 +316,15 @@ When encrypting with PGP, you have the option to configure different options in
**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
[Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } [Privacy Policy](https://www.openkeychain.org/help/privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
:octicons-heart-16:{ .card-link title="Donations can be made within the app" }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain/)
- [:fontawesome-brands-git: Source](https://github.com/open-keychain/open-keychain)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/org.sufficientlysecure.keychain/){ .card-link title=F-Droid }
--8<-- "includes/abbreviations.en.md"

64
docs/file-sharing.en.md
View File

@ -14,14 +14,16 @@ Discover how to privately share your files between your devices, with your frien
**OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files.
[Homepage](https://onionshare.org){ .md-button .md-button--primary } [:pg-tor:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .md-button }
[:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
[:pg-tor:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title=Onion }
[:octicons-info-16:](https://docs.onionshare.org/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-windows: Windows](https://onionshare.org/#download)
- [:fontawesome-brands-apple: macOS](https://onionshare.org/#download)
- [:fontawesome-brands-linux: Linux](https://onionshare.org/#download)
- [:fontawesome-brands-github: Source](https://github.com/onionshare/onionshare)
[:fontawesome-brands-windows:](https://onionshare.org/#download){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://onionshare.org/#download){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://onionshare.org/#download){ .card-link title=Linux }
### Magic Wormhole
@ -31,14 +33,15 @@ Discover how to privately share your files between your devices, with your frien
**Magic Wormhole** is a package that provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. Their motto: "Get things from one computer to another, safely.
[Homepage](https://magic-wormhole.readthedocs.io){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/magic-wormhole/magic-wormhole){ .md-button .md-button--primary }
[:octicons-info-16:](https://magic-wormhole.readthedocs.io/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/magic-wormhole/magic-wormhole){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-windows: Windows](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
- [:fontawesome-brands-apple: macOS](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x)
- [:fontawesome-brands-linux: Linux](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
- [:fontawesome-brands-github: Source](https://github.com/magic-wormhole/magic-wormhole)
[:fontawesome-brands-windows:](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#macos-os-x){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation){ .card-link title=Linux }
## FreedomBox
@ -48,11 +51,10 @@ Discover how to privately share your files between your devices, with your frien
**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to selfhost.
[Homepage](https://freedombox.org){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-git: Source](https://salsa.debian.org/freedombox-team/freedombox)
[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation}
[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
[:octicons-heart-16:](https://freedomboxfoundation.org/donate/){ .card-link title=Contribute }
## File Sync
@ -64,16 +66,21 @@ Discover how to privately share your files between your devices, with your frien
**Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
[Homepage](https://syncthing.net){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
[:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://syncthing.net/downloads)
- [:fontawesome-brands-apple: macOS](https://syncthing.net/downloads)
- [:fontawesome-brands-linux: Linux](https://syncthing.net/downloads)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.nutomic.syncthingandroid/)
- [:fontawesome-brands-github: Source](https://github.com/syncthing)
[:fontawesome-brands-windows:](https://syncthing.net/downloads/){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://syncthing.net/downloads/){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://syncthing.net/downloads/){ .card-link title=Linux }
[:fontawesome-brands-freebsd:](https://syncthing.net/downloads/){ .card-link title=FreeBSD }
[:pg-openbsd:](https://syncthing.net/downloads/){ .card-link title=OpenBSD }
[:pg-netbsd:](https://syncthing.net/downloads/){ .card-link title=NetBSD }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/com.nutomic.syncthingandroid/){ .card-link title=F-Droid }
### git-annex
@ -83,11 +90,14 @@ Discover how to privately share your files between your devices, with your frien
**git-annex** allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space.
[Homepage](https://git-annex.branchable.com){ .md-button .md-button--primary } [Privacy Policy](https://git-annex.branchable.com/privacy){ .md-button }
[:octicons-home-16: Homepage](https://git-annex.branchable.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://git-annex.branchable.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://git-annex.branchable.com/walkthrough/){ .card-link title=Documentation}
[:octicons-code-16:](https://git-annex.branchable.com/install/fromsource/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://git-annex.branchable.com/thanks/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://git-annex.branchable.com/install/Windows)
- [:fontawesome-brands-apple: macOS](https://git-annex.branchable.com/install/OSX)
- [:fontawesome-brands-linux: Linux](https://git-annex.branchable.com/install)
- [:fontawesome-brands-git: Source](https://git-annex.branchable.com/install/fromsource/)
[:fontawesome-brands-windows:](https://git-annex.branchable.com/install/Windows){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://git-annex.branchable.com/install/OSX){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://git-annex.branchable.com/install){ .card-link title=Linux }

4
docs/index.en.md
View File

@ -15,6 +15,8 @@ hide:
Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, we didn't always have the right to privacy. In several dictatorships, many still don't. Generations before ours fought for our right to privacy. ==Privacy is a human right inherent to all of us== that we are entitled to without discrimination.
You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to hide, privacy is something that makes you human.
[:material-target-account: Common Internet Threats](basics/common-threats.md){ .md-button .md-button--primary }
</div>
<div style="margin-left:auto;margin-right:0;text-align:right;max-width:38rem;" markdown>
@ -26,7 +28,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan.
[:material-book-outline: Learn More About Threat Modeling](threat-modeling.md){ .md-button .md-button--primary }
[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md){ .md-button .md-button--primary }
</div>
</div>

86
docs/linux-desktop.en.md
View File

@ -18,7 +18,9 @@ If you don't already use Linux, below are some distributions we suggest trying o
**Fedora Workstation** is our recommended distribution for people new to Linux. Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org), and soon, [FS-Verity](https://fedoraproject.org/wiki/Changes/FsVerityRPM). These new technologies often come with improvements in security, privacy, and usability in general.
[Homepage](https://getfedora.org/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://getfedora.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
Fedora has a semi-rolling release cycle. While some packages like [GNOME](https://www.gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
@ -32,7 +34,9 @@ Fedora has a semi-rolling release cycle. While some packages like [GNOME](https:
openSUSE Tumbleweed has a [transactional update](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) system that uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem.
[Homepage](https://get.opensuse.org/tumbleweed/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://get.opensuse.org/tumbleweed/){ .md-button .md-button--primary }
[:octicons-info-16:](https://doc.opensuse.org/){ .card-link title=Documentation}
[:octicons-heart-16:](https://shop.opensuse.org/){ .card-link title=Contribute }
Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When you upgrade your system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality.
@ -44,7 +48,9 @@ Tumbleweed follows a rolling release model where each update is released as a sn
**Arch Linux** is a lightweight, do-it-yourself (DIY) distribution meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions).
[Homepage](https://archlinux.org/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://archlinux.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://wiki.archlinux.org/){ .card-link title=Documentation}
[:octicons-heart-16:](https://archlinux.org/donate/){ .card-link title=Contribute }
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
@ -62,7 +68,9 @@ A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org)
**Fedora Silverblue** and **Fedora Kinoite** are immutable variants of Fedora with a strong focus on container workflows. Silverblue comes with the [GNOME](https://www.gnome.org/) desktop environment while Kinoite comes with [KDE](https://kde.org/). Silverblue and Kinoite follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
[Homepage](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/fedora-silverblue/){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
Silverblue (and Kinoite) differ from Fedora Workstation as they replace the [DNF](https://fedoraproject.org/wiki/DNF) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/package-management/rpm-ostree/). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image.
@ -80,7 +88,9 @@ As an alternative to Flatpaks, there is the option of [Toolbox](https://docs.fed
NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability.
[Homepage](https://nixos.org/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://nixos.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://nixos.org/learn.html){ .card-link title=Documentation}
[:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title=Contribute }
NixOSs package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
@ -102,7 +112,9 @@ Nix is a source-based package manager; if theres no pre-built available in th
**Whonix** is based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet.
[Homepage](https://www.whonix.org/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://www.whonix.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation}
[:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=Contribute }
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway”. All communications from the Workstation has to go through the Tor gateway, and will be routed through the Tor Network.
@ -122,66 +134,10 @@ Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qube
It can boot on almost any computer from a DVD, USB stick, or SD card. It aims to preserve privacy and anonymity while circumventing censorship and leaving no trace of itself on the computer it is used on.
[Homepage](https://tails.boum.org/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://tails.boum.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://tails.boum.org/doc/index.en.html){ .card-link title=Documentation}
[:octicons-heart-16:](https://tails.boum.org/donate/){ .card-link title=Contribute }
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/first_steps/persistence/index.en.html) can be configured to store some data.
## General Recommendations
### Drive Encryption
Most Linux distributions have an installer option for enabling LUKS FDE upon installation.
If this option isnt set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted.
When securely erasing storage devices such as a Solid-state drive (SSD) you should use the [ATA Secure Erase](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command. This command can be issued from your UEFI setup. If the storage device is a regular hard drive (HDD), consider using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe).
### Swap
Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM).
### Wayland
We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland.
Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If youre using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
We recommend **against** using desktop environments or window managers that do not have Wayland support such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
### Proprietary Firmware (Microcode Updates)
Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) dont come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html).
We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default.
## Privacy Tweaks
### MAC Address Randomization
Many desktop Linux distributions (Fedora, openSUSE etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings.
It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network youre connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/).
If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=).
There isnt much point in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fis firmware.
### Other Identifiers
There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](threat-modeling.md):
- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
### System Counting
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
--8<-- "includes/abbreviations.en.md"

22
docs/linux-desktop/hardening.en.md
View File

@ -28,11 +28,21 @@ There are some additional kernel hardening options such as configuring [sysctl](
- [Recommended boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters)
- [Additional recommendations to reduce the kernel's attack surface](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction)
Note that setting `kernel.unprivileged_userns_clone=0` will stop Flatpak, Snap (that depend on browser-sandbox), Electron based AppImages, Podman, Docker, and LXC containers from working. Do **not** set this flag if you are using container products.
Do **not** disable unprivileged user namespaces if you use software that relies on it, like: Podman, Docker and LXC containers. The option will prevent this software from working.
## Linux-Hardened
Some distributions like Arch Linux have the [linux-hardened](https://github.com/anthraxx/linux-hardened), kernel package. It includes [hardening patches](https://wiki.archlinux.org/title/security#Kernel_hardening) and more security-conscious defaults. Linux-Hardened has `kernel.unprivileged_userns_clone=0` disabled by default. See the [warning above](#kernel-hardening) about how this might impact you.
Some distributions like Arch Linux have the [linux-hardened](https://github.com/anthraxx/linux-hardened), kernel package. It includes [hardening patches](https://wiki.archlinux.org/title/security#Kernel_hardening) and more security-conscious defaults. Linux-Hardened has `kernel.unprivileged_userns_clone=0` disabled by default. See the [note above](#kernel-hardening) about how this might impact you.
## Linux Kernel Runtime Guard (LKRG)
LKRG is a kernel module that performs runtime integrity check on the kernel to help detect detect exploits against the kernel. LKRG works in a *post*-detect fashion, attempting to respond to unauthorized modifications to the running Linux kernel. While it is [bypassable by design](https://lkrg.org/), it does stop off-the-shelf malware that does not specifically target LKRG itself. This may make exploits harder to develop and execute on vulnerable systems.
If you can get LKRG and maintain module updates it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions on how this can be achieved. There is no LKRG package for Fedora yet, however the Qubes OS project has a COPR repository which [may become](https://github.com/QubesOS/qubes-issues/issues/5461) part of the main distribution in the future. Archlinux based systems provide LKRG DKMS modules via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
## GRSecurity
GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access](https://github.com/QubesOS/qubes-issues/issues/5461) the code.
## Simultaneous multithreading (SMT)
@ -40,7 +50,9 @@ Some distributions like Arch Linux have the [linux-hardened](https://github.com/
## Hardened memory allocator
The [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) from [GrapheneOS](https://grapheneos.org) can be used on Linux distributions. It is available by default on Whonix and is available as an [AUR package](https://wiki.archlinux.org/title/Security#Hardened_malloc) on Arch based distributions. If you are using the AUR package, consider setting up `LD_PRELOAD` as described in the [Arch Wiki](https://wiki.archlinux.org/title/Security#Hardened_malloc).
The [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) from [GrapheneOS](https://grapheneos.org) can also be used on general Linux distributions. It is available as an [AUR package](https://wiki.archlinux.org/title/Security#Hardened_malloc) on Arch based distributions, and (though not enabled by default) on Whonix and Kicksecure.
If you are using Whonix, Kicksecure or the AUR package, consider setting up `LD_PRELOAD` as described in the [Kicksecure Documentation](https://www.kicksecure.com/wiki/Hardened_Malloc) or [Arch Wiki](https://wiki.archlinux.org/title/Security#Hardened_malloc).
## Umask
@ -48,7 +60,9 @@ If you are not using openSUSE, consider changing the default [umask](https://en.
## Mountpoint hardening
Consider adding the [following options](https://man7.org/linux/man-pages/man8/mount.8.html) `nodev`, `noexec`, and `nosuid` to [mountpoints](https://en.wikipedia.org/wiki/Mount_(computing)) which do not need them. Typically, these could be applied to `/boot`, `/boot/efi`, `/home`, `/root`, and `/var`.
Consider adding the [following options](https://man7.org/linux/man-pages/man8/mount.8.html) `nodev`, `noexec`, and `nosuid` to [mountpoints](https://en.wikipedia.org/wiki/Mount_(computing)) which do not need them. Typically, these could be applied to `/boot`, `/boot/efi`, and `/var`.
These flags could also be applied to `/home` and `/root` as well, however, `noexec` will prevent applications from working that require binary execution in those locations. This includes products such as Flatpak and Snap.
If you use [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/), `/var/log/journal` must not have any of those options. If you are on Arch Linux, do not apply `noexec` to `/var/tmp`.

70
docs/linux-desktop/overview.en.md
View File

@ -20,7 +20,11 @@ Our website generally uses the term “Linux” to describe desktop GNU/Linux di
[Our Linux Recommendations :material-arrow-right:](../linux-desktop.md){ .md-button }
## Release cycle
## Choosing your distribution
Not all Linux distributions are created equal. While our Linux recommendation page is not meant to be an authoritative source on which distribution you should use, there are a few things you should keep in mind when choosing which distribution to use.
### Release cycle
We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often dont update package versions and fall behind on security updates.
@ -32,7 +36,7 @@ We dont believe holding packages back and applying interim patches is a good
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/i8c0mg_mS7U" title="Regular Releases are Wrong, Roll for your life" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
## Traditional vs Atomic updates
### Traditional vs Atomic updates
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating.
@ -46,11 +50,11 @@ The Atomic update method is used for immutable distributions like Silverblue, Tu
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/-hpV5l-gJnQ" title="Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
## “Security-focused” distributions
### “Security-focused” distributions
There is often some confusion about “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch, and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They dont include any “extra security” or defensive mitigations intended for regular use.
## Arch-based distributions
### Arch-based distributions
Arch based distributions are not recommended for those new to Linux, regardless of the distribution. Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
@ -63,8 +67,64 @@ If you are experienced with Linux and wish to use an Arch-based distribution, we
- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes dont break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Archs repositories.
- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages dont suffer from supply chain attacks.
## Linux-libre kernel and “Libre” distributions
### Linux-libre kernel and “Libre” distributions
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
## General Recommendations
### Drive Encryption
Most Linux distributions have an option within its installer for enabling [LUKS](/encryption.md#linux-unified-key-setup) FDE. If this option isnt set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right:](../basics/erasing-data.md)
### Swap
Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM).
### Wayland
We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland.
Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If youre using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
We recommend **against** using desktop environments or window managers that do not have Wayland support such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
### Proprietary Firmware (Microcode Updates)
Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) dont come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html).
We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default.
## Privacy Tweaks
### MAC Address Randomization
Many desktop Linux distributions (Fedora, openSUSE etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings.
It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network youre connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/).
If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=).
There isnt much point in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fis firmware.
### Other Identifiers
There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../basics/threat-modeling.md):
- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
### System Counting
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.
--8<-- "includes/abbreviations.en.md"

2
docs/linux-desktop/sandboxing.en.md
View File

@ -61,6 +61,6 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
These container technologies can be useful for those who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
The above container technologies can be useful if you want to run certain web app software on your local network, such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [LinuxServer.io](https://www.linuxserver.io), to increase privacy by decreasing dependence on various web services. A guide on [hardening Docker and OCI](https://wonderfall.dev/docker-hardening) has been written by the author "Wonderfall."
--8<-- "includes/abbreviations.en.md"

66
docs/metadata-removal-tools.en.md
View File

@ -16,15 +16,16 @@ When sharing files, be sure to remove associated metadata. Image files commonly
On Linux, a third party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner).
[Homepage](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
[:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation}
[:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
- [:fontawesome-brands-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
- [:fontawesome-brands-linux: Linux](https://pypi.org/project/mat2)
- [:fontawesome-solid-earth-americas: Web](https://0xacab.org/jvoisin/mat2#web-interface)
- [:fontawesome-brands-gitlab: Source](https://0xacab.org/jvoisin/mat2)
[:fontawesome-brands-windows:](https://pypi.org/project/mat2){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://pypi.org/project/mat2){ .card-link title=Linux }
[:octicons-globe-16:](https://0xacab.org/jvoisin/mat2#web-interface){ .card-link title=Web }
### ExifCleaner
@ -34,14 +35,15 @@ When sharing files, be sure to remove associated metadata. Image files commonly
**ExifCleaner** is a freeware, open source graphical app that uses [ExifTool](https://exiftool.org) to remove Exif metadata from images, videos, and PDF documents using a simple drag and drop interface. It supports multi-core batch processing and dark mode.
[Homepage](https://exifcleaner.com){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://exifcleaner.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/szTheory/exifcleaner#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/szTheory/exifcleaner){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-windows: Windows](https://github.com/szTheory/exifcleaner/releases)
- [:fontawesome-brands-apple: macOS](https://github.com/szTheory/exifcleaner/releases)
- [:fontawesome-brands-linux: Linux](https://github.com/szTheory/exifcleaner/releases)
- [:fontawesome-brands-github: Source](https://github.com/szTheory/exifcleaner)
[:fontawesome-brands-windows:](https://github.com/szTheory/exifcleaner/releases){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://github.com/szTheory/exifcleaner/releases){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://github.com/szTheory/exifcleaner/releases){ .card-link title=Linux }
## Mobile
@ -53,13 +55,16 @@ When sharing files, be sure to remove associated metadata. Image files commonly
**Scrambled Exif** is a metadata removal tool for Android. It can remove Exif data for many file formats and has been translated into [many](https://gitlab.com/juanitobananas/scrambled-exif/-/tree/master/app/src/main/res) languages.
[Project Info](https://gitlab.com/juanitobananas/scrambled-exif#scrambled-exif){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://gitlab.com/juanitobananas/scrambled-exif){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gitlab.com/juanitobananas/scrambled-exif/-/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gitlab.com/juanitobananas/scrambled-exif/-/blob/master/README.md){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/juanitobananas/scrambled-exif){ .card-link title="Source Code" }
[:octicons-heart-16:](https://gitlab.com/juanitobananas/scrambled-exif#donating){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.jarsilio.android.scrambledeggsif)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.jarsilio.android.scrambledeggsif)
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/juanitobananas/scrambled-exif)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.jarsilio.android.scrambledeggsif){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/com.jarsilio.android.scrambledeggsif){ .card-link title=F-Droid }
### Imagepipe
@ -69,32 +74,32 @@ When sharing files, be sure to remove associated metadata. Image files commonly
**Imagepipe** is a a paint app for Android that can be used to redact photos and also delete Exif metadata. It has been translated into [many](https://codeberg.org/Starfish/Imagepipe#translations) languages.
[Project Info](https://codeberg.org/Starfish/Imagepipe#imagepipe){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://codeberg.org/Starfish/Imagepipe){ .md-button .md-button--primary }
[:octicons-info-16:](https://codeberg.org/Starfish/Imagepipe/src/branch/master/README.md){ .card-link title=Documentation}
[:octicons-code-16:](https://codeberg.org/Starfish/Imagepipe){ .card-link title="Source Code" }
??? downloads
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.kaffeemitkoffein.imagepipe/)
- [:fontawesome-brands-git: Source](https://codeberg.org/Starfish/Imagepipe)
[:pg-f-droid:](https://f-droid.org/en/packages/de.kaffeemitkoffein.imagepipe/){ .card-link title=F-Droid }
Imagepipe is only available from F-Droid and not in Google Play. If you're looking for a paint app in Google Play we suggest [Pocket Paint](https://play.google.com/store/apps/details?id=org.catrobat.paintroid).
### Metapho
!!! attention
Metapho is closed source. We recommend it, due to the few choices there are for iOS devices.
!!! recommendation
![Metapho logo](assets/img/metadata-removal/metapho.jpg){ align=right }
Metapho is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location.
Metapho is closed source, however we recommend it due to the few choices there are for iOS.
[Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary } [Privacy Policy](https://zininworks.com/privacy/){ .md-button }
[:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary }
[:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" }
??? downloads
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/metapho/id914457352)
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/metapho/id914457352){ .card-link title="App Store" }
## Command-line
@ -108,15 +113,16 @@ Imagepipe is only available from F-Droid and not in Google Play. If you're looki
It's often a component of other Exif removal applications and is in most Linux distribution repositories.
[Homepage](https://exiftool.org){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" }
[:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://exiftool.org)
- [:fontawesome-brands-apple: macOS](https://exiftool.org)
- [:fontawesome-brands-linux: Linux](https://exiftool.org)
- [:fontawesome-brands-git: Source](https://sourceforge.net/projects/exiftool)
- [:fontawesome-brands-github: Source](https://github.com/exiftool/exiftool)
[:fontawesome-brands-windows:](https://exiftool.org){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://exiftool.org){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://exiftool.org){ .card-link title=Linux }
!!! example "Deleting data from a directory of files"

36
docs/multi-factor-authentication.en.md
View File

@ -10,11 +10,13 @@ icon: 'material/two-factor-authentication'
![YubiKeys](assets/img/multi-factor-authentication/yubikey.png)
The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](security/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](security/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP/), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP/), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://www.yubico.com/quiz/) before purchasing in order to make sure you make the right choice.
[Website](https://www.yubico.com){ .md-button .md-button--primary } [Privacy Policy](https://www.yubico.com/support/terms-conditions/privacy-notice){ .md-button }
[:octicons-home-16: Homepage](https://www.yubico.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation}
The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series.
@ -22,7 +24,7 @@ YubiKeys can be programmed using the [YubiKey Manager](https://www.yubico.com/su
For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
!!! attention
!!! warning
The firmware of YubiKeys are not open source and are not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
### Nitrokey / Librem Key
@ -31,9 +33,11 @@ For models which support HOTP and TOTP, there are 2 slots in the OTP interface w
![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right }
**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](security/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**.
**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**.
[Website](https://www.nitrokey.com){ .md-button .md-button--primary } [Privacy Policy](https://www.nitrokey.com/data-privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://www.nitrokey.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation}
The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set.
@ -71,13 +75,17 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
**Aegis Authenticator** is a free, secure and open source app to manage your 2-step verification tokens for your online services.
[Homepage](https://getaegis.app){ .md-button .md-button--primary } [Privacy Policy](https://getaegis.app/aegis/privacy.html){ .md-button }
[:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.beemdevelopment.aegis)
- [:fontawesome-brands-github: GitHub](https://github.com/beemdevelopment/Aegis)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/com.beemdevelopment.aegis){ .card-link title=F-Droid }
[:fontawesome-brands-github:](https://github.com/beemdevelopment/Aegis/releases){ .card-link title=GitHub }
### Raivo OTP
@ -87,12 +95,14 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
**Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app.
[Project Info](https://github.com/raivo-otp/ios-application#readme){ .md-button .md-button--primary } [Privacy Policy](https://github.com/raivo-otp/ios-application/blob/master/PRIVACY.md){ .md-button }
[:octicons-repo-16: Repository](https://github.com/raivo-otp/ios-application){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/raivo-otp/ios-application/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/tijme){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/us/app/raivo-otp/id1498497896)
- [:fontawesome-brands-github: GitHub](https://github.com/raivo-otp/ios-application)
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/raivo-otp/id1459042137){ .card-link title="App Store" }
[:fontawesome-brands-app-store:](https://apps.apple.com/us/app/raivo-otp/id1498497896){ .card-link title="Mac App Store" }
--8<-- "includes/abbreviations.en.md"

71
docs/news-aggregators.en.md
View File

@ -15,13 +15,16 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](self-contained-networks.md#tor).
[Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } [Privacy Policy](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .md-button }
[:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://hyliu.me/fluent-reader)
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/id1520907427)
- [:fontawesome-brands-github: Source](https://github.com/yang991178/fluent-reader.git)
[:fontawesome-brands-windows:](https://hyliu.me/fluent-reader){ .card-link title=Windows }
[:fontawesome-brands-app-store:](https://apps.apple.com/app/id1520907427){ .card-link title="Mac App Store" }
### GNOME Feeds
@ -31,13 +34,14 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast.
[Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-linux: Linux](https://gfeeds.gabmus.org/#install)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.gabmus.gfeeds)
- [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/World/gfeeds)
[:fontawesome-brands-linux:](https://gfeeds.gabmus.org/#install){ .card-link title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/org.gabmus.gfeeds){ .card-link title=Flatpak }
### Akregator
@ -47,28 +51,32 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading.
[Website](https://apps.kde.org/akregator){ .md-button .md-button--primary } [Privacy Policy](https://kde.org/privacypolicy-apps){ .md-button }
[:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary }
[:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation}
[:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" }
[:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
??? downloads
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.kde.akregator)
- [:fontawesome-brands-git: Source](https://invent.kde.org/pim/akregator)
[:pg-flathub:](https://flathub.org/apps/details/org.kde.akregator){ .card-link title=Flatpak }
### Handy News Reader
### Feeder
!!! recommendation
![Handy News Reader logo](assets/img/news-aggregators/handy-news-reader.svg){ align=right }
![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right }
**Handy News Reader** is a fork of [Flym](https://github.com/FredJul/Flym) that has many [features](https://github.com/yanus171/Handy-News-Reader#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) and [RDF](https://en.wikipedia.org/wiki/RDF%2FXML).
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports it supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) and [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[Homepage](https://yanus171.github.io/Handy-News-Reader/){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }
[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=ru.yanus171.feedexfork)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/ru.yanus171.feedexfork/)
- [:fontawesome-brands-github: Source](https://github.com/yanus171/Handy-News-Reader)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/com.nononsenseapps.feeder/){ .card-link title=F-Droid }
### NetNewsWire
@ -78,13 +86,15 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Twitter and Reddit feeds.
[Homepage](https://netnewswire.com/){ .md-button .md-button--primary } [Privacy Policy](https://netnewswire.com/privacypolicy){ .md-button }
[:octicons-home-16: Homepage](https://netnewswire.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-apple: macOS](https://netnewswire.com)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210)
- [:fontawesome-brands-github: Source](https://github.com/Ranchero-Software/NetNewsWire)
[:fontawesome-brands-apple:](https://netnewswire.com){ .card-link title=macOS }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210){ .card-link title="App Store" }
### Miniflux
@ -95,11 +105,10 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[Homepage](https://miniflux.app){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-github: Source](https://github.com/miniflux)
[:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary }
[:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" }
[:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute }
### Newsboat
@ -109,11 +118,9 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell).
[Homepage](https://newsboat.org){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-github: Source](https://github.com/newsboat/newsboat)
[:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" }
## Social media that supports RSS

68
docs/notebooks.en.md
View File

@ -17,19 +17,22 @@ If you are currently using an application like Evernote, Google Keep, or Microso
**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[Website](https://joplinapp.org/){ .md-button .md-button--primary } [Privacy Policy](https://joplinapp.org/privacy/){ .md-button }
[:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" }
[:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://joplinapp.org/#desktop-applications)
- [:fontawesome-brands-apple: macOS](https://joplinapp.org/#desktop-applications)
- [:fontawesome-brands-linux: Linux](https://joplinapp.org/#desktop-applications)
- [:fontawesome-brands-firefox-browser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/joplin/id1315599797)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.cozic.joplin)
- [:fontawesome-brands-github: GitHub](https://github.com/laurent22/joplin)
[:fontawesome-brands-windows:](https://joplinapp.org/#desktop-applications){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://joplinapp.org/#desktop-applications){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://joplinapp.org/#desktop-applications){ .card-link title=Linux }
[:fontawesome-brands-firefox-browser:](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek){ .card-link title=Chrome }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/joplin/id1315599797){ .card-link title="App Store" }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=net.cozic.joplin){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/net.cozic.joplin){ .card-link title=F-Droid }
Joplin does not support password/pin protection for the [application itself or individual notes/notebooks](https://github.com/laurent22/joplin/issues/289). Data is still encrypted in transit and at the sync location using your master key.
@ -41,18 +44,21 @@ Joplin does not support password/pin protection for the [application itself or i
Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
[Website](https://standardnotes.com){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
[:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://standardnotes.com)
- [:fontawesome-brands-apple: macOS](https://standardnotes.com)
- [:fontawesome-brands-linux: Linux](https://standardnotes.com)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/id1285392450)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes)
- [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/com.standardnotes)
- [:octicons-browser-16: Browser](https://app.standardnotes.com/)
- [:fontawesome-brands-github: GitHub](https://github.com/standardnotes)
[:fontawesome-brands-windows:](https://standardnotes.com){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://standardnotes.com){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://standardnotes.com){ .card-link title=Linux }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1285392450){ .card-link title="App Store" }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.standardnotes){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/en/packages/com.standardnotes){ .card-link title=F-Droid }
[:octicons-globe-16:](https://app.standardnotes.com/){ .card-link title=Web }
### EteSync Notes
@ -64,15 +70,18 @@ Joplin does not support password/pin protection for the [application itself or i
[etebase](https://docs.etebase.com), which is the foundation of EteSync, can also be used by other apps as a backend to store data end-to-end encrypted (E2EE).
[Website](https://www.etesync.com){ .md-button .md-button--primary } [Privacy Policy](https://www.etesync.com/tos/#privacy){ .md-button }
[:octicons-home-16: Homepage](https://www.etesync.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.etesync.com/tos/#privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.etesync.com/user-guide/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/etesync){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.etesync.com/contribute/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.etesync.notes)
- [:pg-f-droid: F-Droid](https://f-droid.org/packages/com.etesync.notes)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/etesync-notes/id1533806351)
- [:octicons-browser-16: Browser](https://notes.etesync.com)
- [:fontawesome-brands-github: GitHub](https://github.com/etesync)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.etesync.notes){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/com.etesync.notes){ .card-link title=F-Droid }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/etesync-notes/id1533806351){ .card-link title="App Store" }
[:octicons-globe-16:](https://notes.etesync.com){ .card-link title=Web }
## Local notebooks
@ -84,10 +93,9 @@ Joplin does not support password/pin protection for the [application itself or i
**Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](/file-sharing/#file-sync) tools.
[Homepage](https://orgmode.org){ .md-button .md-button--primary }
??? downloads
- [:fontawesome-brands-git: Source](https://git.savannah.gnu.org/cgit/emacs/org-mode.git)
[:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute }
--8<-- "includes/abbreviations.en.md"

108
docs/passwords.en.md
View File

@ -8,7 +8,7 @@ Stay safe and secure online with an encrypted and open-source password manager.
- Always use unique passwords. Don't make yourself a victim of "[credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing)".
- Store an exported backup of your passwords in an [encrypted container](encryption.md) on another storage device. This can be useful if something happens to your device or the service you are using.
- If possible, store TOTP tokens in a separate [TOTP app](security/multi-factor-authentication.md#authenticator-apps) and not your password manager. TOTP codes are generated from a "[shared secret](https://en.wikipedia.org/wiki/Time-based_one-time_password#Security)". If the secret is obtained by an adversary they can generate TOTP values. Typically, mobile platforms have better app isolation and more secure methods for storing sensitive credentials.
- If possible, store TOTP tokens in a separate [TOTP app](basics/multi-factor-authentication.md#authenticator-apps) and not your password manager. TOTP codes are generated from a "[shared secret](https://en.wikipedia.org/wiki/Time-based_one-time_password#Security)". If the secret is obtained by an adversary they can generate TOTP values. Typically, mobile platforms have better app isolation and more secure methods for storing sensitive credentials.
## Local Password Managers
@ -22,17 +22,20 @@ These password managers store the password database locally.
**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager.
[Homepage](https://keepassxc.org){ .md-button .md-button--primary } [Privacy Policy](https://keepassxc.org/privacy){ .md-button }
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" }
[:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://keepassxc.org/download/#windows)
- [:fontawesome-brands-apple: macOS](https://keepassxc.org/download/#mac)
- [:fontawesome-brands-linux: Linux](https://keepassxc.org/download/#linux)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
- [:fontawesome-brands-github: Source](https://github.com/keepassxreboot/keepassxc)
[:fontawesome-brands-windows:](https://keepassxc.org/download/#windows){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://keepassxc.org/download/#mac){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://keepassxc.org/download/#linux){ .card-link title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/org.keepassxc.KeePassXC){ .card-link title=Flatpak }
[:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/keepassxc-browser){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk){ .card-link title=Chrome }
KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually.
@ -44,15 +47,16 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
**KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
For more details, we recommend looking at their [FAQ](https://github.com/Kunzisoft/KeePassDX/wiki/FAQ).
[Homepage](https://www.keepassdx.com){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
- [:pg-f-droid: F-Droid](https://www.f-droid.org/packages/com.kunzisoft.keepass.libre)
- [:fontawesome-brands-github: Source](https://github.com/Kunzisoft/KeePassDX)
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free){ .card-link title="Google Play" }
[:pg-f-droid:](https://www.f-droid.org/packages/com.kunzisoft.keepass.libre){ .card-link title=F-Droid }
[:fontawesome-brands-github:](https://github.com/Kunzisoft/KeePassDX/releases){ .card-link title=GitHub }
## Cloud Syncing Password Managers
@ -66,21 +70,23 @@ These password managers sync up to a cloud server that may be self-hostable.
**Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the easiest and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. If you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden server.
[Website](https://bitwarden.com){ .md-button .md-button--primary } [Privacy Policy](https://bitwarden.com/privacy){ .md-button }
[:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-windows: Windows](https://bitwarden.com/download)
- [:fontawesome-brands-app-store: Mac App Store](https://apps.apple.com/app/bitwarden/id1352778147)
- [:fontawesome-brands-linux: Linux](https://bitwarden.com/download)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/com.bitwarden.desktop)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
- [:pg-f-droid: F-Droid](https://mobileapp.bitwarden.com/fdroid)
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
- [:fontawesome-brands-github: Source](https://github.com/bitwarden)
[:fontawesome-brands-windows:](https://bitwarden.com/download){ .card-link title=Windows }
[:fontawesome-brands-app-store:](https://apps.apple.com/app/bitwarden/id1352778147){ .card-link title="Mac App Store" }
[:fontawesome-brands-linux:](https://bitwarden.com/download){ .card-link title=Linux }
[:pg-flathub:](https://flathub.org/apps/details/com.bitwarden.desktop){ .card-link title=Flatpak }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/bitwarden-password-manager/id1137397744){ .card-link title="App Store" }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden){ .card-link title="Google Play" }
[:pg-f-droid:](https://mobileapp.bitwarden.com/fdroid){ .card-link title=F-Droid }
[:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb){ .card-link title=Chrome }
[:fontawesome-brands-edge:](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh){ .card-link title=Edge }
### Psono
@ -90,16 +96,18 @@ These password managers sync up to a cloud server that may be self-hostable.
**Psono** is a free and open source password manager from Germany, with a focus on password management for teams. It can be [self-hosted](#password-management-servers). Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.
[Website](https://psono.com){ .md-button .md-button--primary } [Privacy Policy](https://psono.com/privacy-policy){ .md-button }
[:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://doc.psono.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-firefox: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
- [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo)
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono)
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224)
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/psono/psono-client)
- [:fontawesome-brands-github: Source](https://gitlab.com/psono)
[:fontawesome-brands-firefox:](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager){ .card-link title=Firefox }
[:fontawesome-brands-chrome:](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo){ .card-link title=Chrome }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=com.psono.psono){ .card-link title="Google Play" }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/us/app/psono-password-manager/id1545581224){ .card-link title="App Store" }
[:fontawesome-brands-docker:](https://hub.docker.com/r/psono/psono-client){ .card-link title="Docker Hub" }
## Password Management Servers
@ -114,12 +122,14 @@ These products are self-hostable synchronization for cloud based password manage
**Vaultwarden** is an alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
[Project Info](https://github.com/dani-garcia/vaultwarden#readme){ .md-button .md-button--primary }
[:octicons-repo-16: Repository](https://github.com/dani-garcia/vaultwarden){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/vaultwarden/server)
- [:fontawesome-brands-github: Source](https://github.com/dani-garcia/vaultwarden)
[:fontawesome-brands-docker:](https://hub.docker.com/r/vaultwarden/server){ .card-link title="Docker Hub" }
### Psono Server
@ -127,14 +137,16 @@ These products are self-hostable synchronization for cloud based password manage
![Psono Server logo](assets/img/password-management/psono.svg){ align=right }
Psono provides [extensive documentation](https://doc.psono.com/) for their product. The [web-client](https://doc.psono.com/admin/installation/install-webclient.html#installation-with-docker) for Psono can be self hosted; alternatively, you can choose the the full [Community Edition](https://doc.psono.com/admin/installation/install-server-ce.html) or the [Enterprise Edition](https://doc.psono.com/admin/installation/install-server-ee.html) with additional features.
Psono provides [extensive documentation](https://doc.psono.com/) for their product. The [web-client](https://doc.psono.com/admin/installation/install-webclient.html#installation-with-docker) for Psono can be self-hosted; alternatively, you can choose the the full [Community Edition](https://doc.psono.com/admin/installation/install-server-ce.html) or the [Enterprise Edition](https://doc.psono.com/admin/installation/install-server-ee.html) with additional features.
[Source Code](https://gitlab.com/psono/psono-server){ .md-button .md-button--primary } [Privacy Policy](https://psono.com/privacy-policy){ .md-button }
[:octicons-repo-16: Repository](https://gitlab.com/psono/psono-server){ .md-button .md-button--primary }
[:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://doc.psono.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/psono/psono-server){ .card-link title="Source Code" }
??? downloads
- [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/psono/psono-server)
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/psono/psono-server)
[:fontawesome-brands-docker:](https://hub.docker.com/r/psono/psono-server){ .card-link title="Docker Hub" }
## Minimal Password Managers
@ -148,14 +160,16 @@ These products are minimal password managers that can be used within scripting a
**gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
[Homepage](https://www.gopass.pw){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://www.gopass.pw){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute }
??? downloads
- [:fontawesome-brands-windows: Windows](https://www.gopass.pw/#install-windows)
- [:fontawesome-brands-apple: macOS](https://www.gopass.pw/#install-macos)
- [:fontawesome-brands-linux: Linux](https://www.gopass.pw/#install-linux)
- [:fontawesome-brands-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
- [:fontawesome-brands-github: Source](https://github.com/gopasspw/gopass)
[:fontawesome-brands-windows:](https://www.gopass.pw/#install-windows){ .card-link title=Windows }
[:fontawesome-brands-apple:](https://www.gopass.pw/#install-macos){ .card-link title=macOS }
[:fontawesome-brands-linux:](https://www.gopass.pw/#install-linux){ .card-link title=Linux }
[:fontawesome-brands-freebsd:](https://www.gopass.pw/#install-bsd){ .card-link title=FreeBSD }
--8<-- "includes/abbreviations.en.md"

Some files were not shown because too many files have changed in this diff Show More