mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-07 20:12:41 +00:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| fce88ba49a | |||
| 25d0374939 | |||
| 4dfed7d77d |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 38 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 7.8 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 7.1 KiB |
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 5.1 KiB |
@ -244,53 +244,6 @@ Tutanota is working on a [desktop client](https://tutanota.com/blog/posts/deskto
|
||||
|
||||
StartMail allows for proxying of images within emails. If a user allows the remote image to be loaded, the sender won't know what the user's IP address is.
|
||||
|
||||
### CTemplar
|
||||
|
||||
!!! recommendation
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**CTemplar** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. CTemplar has been in operation since **2018** and is run from Iceland. Paid accounts start with 5GB. They offer free accounts by [invitation](https://ctemplar.com/email-creation-restriction/).
|
||||
|
||||
**USD $96/year**
|
||||
|
||||
[Website](https://ctemplar.com){ .md-button .md-button--primary }
|
||||
|
||||
??? check "Custom Domains and Aliases"
|
||||
|
||||
Paid accounts can use [Custom Domains](https://ctemplar.com/help/answer/add-a-domain/) and [aliases](https://ctemplar.com/help/answer/how-to-create-aliases/).
|
||||
|
||||
??? check "Private Payment Methods"
|
||||
|
||||
CTemplar [payment options](https://ctemplar.com/help/answer/payment-options/) include Credit cards via Stripe, Bitcoin and Monero.
|
||||
|
||||
??? check "Account Security"
|
||||
|
||||
CTemplar supports TOTP two factor authentication [for webmail only](https://ctemplar.com/help/answer/setting-up-two-factor-authentication-2fa/). They do not allow U2F security key authentication.
|
||||
|
||||
??? check "Data Security"
|
||||
|
||||
CTemplar has [zero access encryption at rest](https://ctemplar.com/help/answer/what-encryption-method-is-used/), using PGP. They support [protected headers](https://datatracker.ietf.org/doc/html/draft-autocrypt-lamps-protected-headers-02/) and therefore there is [subject encryption](https://ctemplar.com/help/answer/subject-encryption/).
|
||||
|
||||
CTemplar supports importing [contacts](https://ctemplar.com/help/answer/importing-contacts/) and [contacts are encrypted](https://ctemplar.com/help/answer/contact-encryption/) at rest however, they are only accessible in the webmail and apps.
|
||||
|
||||
??? check "Email Encryption"
|
||||
|
||||
CTemplar has [integrated encryption](https://ctemplar.com/help/answer/how-does-encryption-decryption-work-in-ctemplar/) in their webmail, which simplifies sending messages to users with public OpenPGP keys.
|
||||
|
||||
??? warning ".onion Service"
|
||||
|
||||
CTemplar's .onion service [ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion](http://ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion /) is [currently disabled](https://twitter.com/RealCTemplar/status/1458775445202157570) for webmail access, due to a Tor Browser [bug](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32865).
|
||||
|
||||
??? info "Additional Functionality"
|
||||
|
||||
CTemplar has a [dead man timer](https://ctemplar.com/help/answer/setting-up-a-dead-mans-timer/) feature that will automatically send a specific message that you've set after a given period of time.
|
||||
|
||||
CTemplar also has a feature that allows users verify [checksums](https://ctemplar.com/ctemplar-checksum-implementation/) of production pages with a public copy on Github.
|
||||
|
||||
Electron clients exist for Windows, Mac and Linux. Official clients also exist for iOS and Android ([including F-Droid](https://f-droid.org/en/packages/com.ctemplar.app.fdroid).) All of these clients are [open source](https://github.com/orgs/CTemplar/repositories).
|
||||
|
||||
## Our Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the providers we recommend.** This allows us to provide completely objective recommendations. We have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
|
||||
|
||||
@ -56,7 +56,7 @@ The company is based in the :flag_gb: UK. According to their [Privacy Policy](ht
|
||||
|
||||
{ align=right }
|
||||
|
||||
**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing information about its users. There is a [list of public instances](https://searx.space/).
|
||||
**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing information about its users. It is an actively maintained fork of [SearX](https://github.com/searx/searx). There is a [list of public instances](https://searx.space/).
|
||||
|
||||
[Homepage](https://searxng.org){ .md-button .md-button--primary }
|
||||
??? downloads
|
||||
@ -65,8 +65,8 @@ The company is based in the :flag_gb: UK. According to their [Privacy Policy](ht
|
||||
|
||||
SearXNG is a proxy between the user and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.
|
||||
|
||||
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting SearXNG, as other people looking up illegal content on your instance could draw unwanted attention from authorities.
|
||||
When self-hosting, it is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as users looking up illegal content on your instance could draw unwanted attention from authorities.
|
||||
|
||||
When you are using a SearXNG instance, be sure to go read the Privacy Policy of that specific instance. SearXNG instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII (Personally Identifiable Information).
|
||||
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
|
||||
|
||||
--8<-- "includes/abbreviations.en.md"
|
||||
|
||||
@ -125,7 +125,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
- { .twemoji }{ .twemoji } [Disroot](https://disroot.org/)
|
||||
- { .twemoji } [Tutanota](https://tutanota.com/)
|
||||
- { .twemoji }{ .twemoji } [StartMail](https://startmail.com/)
|
||||
- { .twemoji }{ .twemoji } [CTemplar](https://ctemplar.com/)
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
@ -279,8 +279,8 @@ With the VPN providers we recommend we like to see responsible marketing.
|
||||
Must not have any marketing which is irresponsible:
|
||||
|
||||
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know users can quite easily deanonymize themselves in a number of ways, eg:
|
||||
- Reusing personal information eg. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)
|
||||
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
|
||||
- Reusing personal information eg. (email accounts, unique pseudonyms etc) that they accessed without anonymity software (Tor, VPN etc)
|
||||
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
|
||||
- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of 3 or more hops that regularly changes.
|
||||
- Use responsible language, eg it is okay to say that a VPN is "disconnected" or "not connected", however claiming that a user is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example the visiting user might be on another VPN provider's service or using Tor.
|
||||
|
||||
@ -288,7 +288,7 @@ Must not have any marketing which is irresponsible:
|
||||
|
||||
Responsible marketing that is both educational and useful to the consumer could include:
|
||||
|
||||
- An accurate comparison to when Tor or other [self-contained networks.md](self-contained-networks) should be used.
|
||||
- An accurate comparison to when Tor or other [self-contained networks](self-contained-networks.md) should be used.
|
||||
- Availability of the VPN provider's website over a .onion [Hidden Service](https://en.wikipedia.org/wiki/.onion)
|
||||
|
||||
### Additional Functionality
|
||||
|
||||
@ -2,7 +2,6 @@
|
||||
*[2FA]: 2-Factor Authentication
|
||||
*[ADB]: Android Debug Bridge
|
||||
*[AOSP]: Android Open Source Project
|
||||
*[attack surface]: The attack surface of software or hardware is the sum of the different places an unauthorized user (the "attacker") can try to enter data to or extract data from.
|
||||
*[AVB]: Android Verified Boot
|
||||
*[CLI]: Command Line Interface
|
||||
*[CSV]: Comma-Separated Values
|
||||
@ -17,7 +16,6 @@
|
||||
*[Exif]: Exchangeable image file format
|
||||
*[FDE]: Full Disk Encryption
|
||||
*[FIDO]: Fast IDentity Online
|
||||
*[fork]: In software development, a fork is created when developers take a copy of source code from one software package and start independent development on it, creating a distinct and separate piece of software.
|
||||
*[GPG]: GNU Privacy Guard (PGP implementation)
|
||||
*[GPS]: Global Positioning System
|
||||
*[GUI]: Graphical User Interface
|
||||
@ -49,8 +47,8 @@
|
||||
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
|
||||
*[P2P]: Peer-to-Peer
|
||||
*[PGP]: Pretty Good Privacy (see OpenPGP)
|
||||
*[PII]: Personally Identifiable Information
|
||||
*[QNAME]: Qualified Name
|
||||
*[rolling release]: An update release cycle in which updates are released very frequently, instead of at set intervals.
|
||||
*[RSS]: Really Simple Syndication
|
||||
*[SELinux]: Security-Enhanced Linux
|
||||
*[SIM]: Subscriber Identity Module
|
||||
@ -71,4 +69,7 @@
|
||||
*[VoIP]: Voice over IP (Internet Protocol)
|
||||
*[W3C]: World Wide Web Consortium
|
||||
*[XMPP]: Extensible Messaging and Presence Protocol
|
||||
*[attack surface]: The attack surface of software or hardware is the sum of the different places an unauthorized user (the "attacker") can try to enter data to or extract data from.
|
||||
*[cgroups]: Control Groups
|
||||
*[fork]: In software development, a fork is created when developers take a copy of source code from one software package and start independent development on it, creating a distinct and separate piece of software.
|
||||
*[rolling release]: An update release cycle in which updates are released very frequently, instead of at set intervals.
|
||||
|
||||
Reference in New Issue
Block a user