1
0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-08 12:32:38 +00:00

Compare commits

..

11 Commits

Author SHA1 Message Date
a52770e1c0 Minify HTML & CSS (#1351)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-30 03:22:50 +09:30
f6a25a7dd4 Two broken links in VPN/VPN Overview page (#1358) 2022-05-30 02:33:37 +09:30
Tad
4a25c635ee DivestOS updates (#1359)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-30 02:21:15 +09:30
a29c443a48 Improve Colors and Styles (#1355)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-29 14:25:48 +09:30
6f27a0e849 Fix typos on VPN services page (#1354) 2022-05-28 17:46:57 -05:00
4f20378555 Fix links in linux hardening guide (#1353) 2022-05-28 17:46:17 -05:00
072e087487 Data Erasure Grammar Fixes (#1350)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-29 04:26:52 +09:30
547ed4c728 Add brand submodule (#1347) 2022-05-28 13:52:46 -05:00
bbca7bcbab Fix Briar Flatpak download (#1346)
Signed-off-by: Daniel Gray <dng@disroot.org>
2022-05-29 04:21:31 +09:30
0b70d8689d Separate articles and recommendations (#1173)
Co-authored-by: Daniel Gray <dng@disroot.org>
2022-05-03 14:15:20 -05:00
4a448189c6 Revert "Remove FairEmail (#1270)"
This reverts commit abd2fa0ff0.
2022-05-28 19:31:53 +09:30
57 changed files with 294 additions and 551 deletions

3
.gitmodules vendored
View File

@ -1,3 +1,6 @@
[submodule "mkdocs-material-insiders"]
path = mkdocs-material
url = git@github.com:privacyguides/mkdocs-material-insiders.git
[submodule "docs/assets/brand"]
path = docs/assets/brand
url = https://github.com/privacyguides/brand.git

View File

@ -9,6 +9,7 @@ mkdocs-material = {path = "./mkdocs-material"}
mkdocs-static-i18n = "*"
mkdocs-git-revision-date-localized-plugin = "*"
typing-extensions = "*"
mkdocs-minify-plugin = "*"
[dev-packages]
scour = "*"

46
Pipfile.lock generated
View File

@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
"sha256": "2d68765ce86bf264f0a29d6b9f31202a71615d6aad4653cffc874bd095267d29"
"sha256": "76ed583036efde0ea1b0725942175f9c77c8a04f218b4822cc8dcc0f8174e2f4"
},
"pipfile-spec": 6,
"requires": {
@ -41,11 +41,11 @@
},
"certifi": {
"hashes": [
"sha256:6ae10321df3e464305a46e997da41ea56c1d311fb9ff1dd4e04d6f14653ec63a",
"sha256:8d15a5a7fde18536a249c49e07e8e462b8fc13de21b3c80e8a68315dfa227c99"
"sha256:9c5705e395cd70084351dd8ad5c41e65655e08ce46f2ec9cf6c2c08390f71eb7",
"sha256:f1d53542ee8cbedbe2118b5686372fb33c297fcd6379b050cca0ef13a597382a"
],
"markers": "python_version >= '3.5'",
"version": "==2022.5.18"
"markers": "python_version >= '3.6'",
"version": "==2022.5.18.1"
},
"cffi": {
"hashes": [
@ -107,7 +107,7 @@
"sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
"sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
],
"markers": "python_version >= '3'",
"markers": "python_version >= '3.0'",
"version": "==2.0.12"
},
"click": {
@ -118,6 +118,12 @@
"markers": "python_version >= '3.7'",
"version": "==8.1.3"
},
"csscompressor": {
"hashes": [
"sha256:afa22badbcf3120a4f392e4d22f9fff485c044a1feda4a950ecc5eba9dd31a05"
],
"version": "==0.9.5"
},
"cssselect2": {
"hashes": [
"sha256:3a83b2a68370c69c9cd3fcb88bbfaebe9d22edeef2c22d1ff3e1ed9c7fa45ed8",
@ -157,21 +163,27 @@
"markers": "python_version >= '3.7'",
"version": "==3.1.27"
},
"htmlmin": {
"hashes": [
"sha256:50c1ef4630374a5d723900096a961cff426dff46b48f34d194a81bbe14eca178"
],
"version": "==0.1.12"
},
"idna": {
"hashes": [
"sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff",
"sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
],
"markers": "python_version >= '3'",
"markers": "python_version >= '3.0'",
"version": "==3.3"
},
"importlib-metadata": {
"hashes": [
"sha256:1208431ca90a8cca1a6b8af391bb53c1a2db74e5d1cef6ddced95d4b2062edc6",
"sha256:ea4c597ebf37142f827b8f39299579e31685c31d3a438b59f469406afd0f2539"
"sha256:5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700",
"sha256:c58c8eb8a762858f49e18436ff552e83914778e50e9d2f1660535ffb364552ec"
],
"markers": "python_version >= '3.7'",
"version": "==4.11.3"
"version": "==4.11.4"
},
"jinja2": {
"hashes": [
@ -181,6 +193,12 @@
"markers": "python_version >= '3.6'",
"version": "==3.0.3"
},
"jsmin": {
"hashes": [
"sha256:c0959a121ef94542e807a674142606f7e90214a2b3d1eb17300244bbb5cc2bfc"
],
"version": "==3.0.1"
},
"lxml": {
"hashes": [
"sha256:078306d19a33920004addeb5f4630781aaeabb6a8d01398045fcde085091a169",
@ -338,6 +356,14 @@
"markers": "python_version >= '3.6'",
"version": "==1.0.3"
},
"mkdocs-minify-plugin": {
"hashes": [
"sha256:32d9e8fbd89327a0f4f648f517297aad344c1bad64cfde110d059bd2f2780a6d",
"sha256:487c31ae6b8b3230f56910ce6bcf5c7e6ad9a8c4f51c720a4b989f30c2b0233f"
],
"index": "pypi",
"version": "==0.5.0"
},
"mkdocs-static-i18n": {
"hashes": [
"sha256:5d69b4eb284931bd048a36f923367f2a7bd0dc7b0438008dce8ca1a8feee99e2"

View File

@ -2,8 +2,8 @@
<div align="center">
<a href="https://www.privacyguides.org/">
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://privacyguides.org/assets/img/layout/privacy-guides-logo-dark.svg">
<img alt="Privacy Guides" width="500px" src="https://privacyguides.org/assets/img/layout/privacy-guides-logo.svg">
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/privacyguides/brand/main/SVG/Logo/privacy-guides-logo-dark.svg">
<img alt="Privacy Guides" width="500px" src="https://raw.githubusercontent.com/privacyguides/brand/main/SVG/Logo/privacy-guides-logo.svg">
</picture>
</a>
@ -69,9 +69,12 @@ Our current list of team members can be found [here](https://github.com/orgs/pri
This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdocs-material/insiders/) which offers additional functionality over the open-source `mkdocs-material` project. For obvious reasons we cannot distribute access to the insiders repository. You can install the website locally with the open-source version of `mkdocs-material`:
1. Clone this repository: `git clone https://github.com/privacyguides/privacyguides.org.git`
1. Clone this repository:
- `git clone https://github.com/privacyguides/privacyguides.org.git`
- `git submodule init`
- `git submodule update docs/assets/brand`
2. Install [Python 3.6+](https://www.python.org/downloads/)
3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n mkdocs-git-revision-date-localized-plugin typing-extensions`
3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n mkdocs-git-revision-date-localized-plugin mkdocs-minify-plugin typing-extensions`
4. Serve the site locally: `mkdocs serve`
- The site will be available at `http://localhost:8000`
- You can build the site locally with `mkdocs build`

View File

@ -65,16 +65,17 @@ CalyxOS only [supports](https://calyxos.org/docs/guide/device-support/) Google P
DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
[:pg-tor:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title=Onion }
[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
[:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute }
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, a custom [hosts](https://divested.dev/index.php?page=dnsbl) file, and [F-Droid](https://www.f-droid.org) as the app store. It includes [UnifiedNlp](https://github.com/microg/UnifiedNlp) for network location. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and includes [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning).
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, a custom [hosts](https://divested.dev/index.php?page=dnsbl) file, and [F-Droid](https://www.f-droid.org) as the app store. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0, 17.1, and 18.1 implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and 18.1 feature GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, and [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
!!! warning

View File

@ -24,7 +24,7 @@ Local RF location backends like DejaVu require that the phone has a working GPS
If your threat model requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Play Services.
In terms of application compatibility, Sandboxed Google Play outperforms microG due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Authentication using [FIDO](security/multi-factor-authentication#fido-fast-identity-online) with online services on Android also relies on Play Services, and the feature is not yet implemented in microG.
In terms of application compatibility, Sandboxed Google Play outperforms microG due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Authentication using [FIDO](basics/multi-factor-authentication#fido-fast-identity-online) with online services on Android also relies on Play Services, and the feature is not yet implemented in microG.
## Privileged App Extensions

1
docs/assets/brand Submodule

Submodule docs/assets/brand added at 7e94d7a5d7

View File

@ -2,7 +2,7 @@
<browserconfig>
<msapplication>
<tile>
<square150x150logo src="/assets/img/layout/mstile-150x150.png"/>
<square150x150logo src="/assets/brand/PNG/Favicon/mstile-150x150.png"/>
<TileColor>#ffd06f</TileColor>
</tile>
</msapplication>

View File

@ -3,12 +3,12 @@
"short_name": "Privacy Guides",
"icons": [
{
"src": "/assets/img/layout/android-chrome-192x192.png",
"src": "/assets/brand/PNG/Favicon/android-chrome-192x192.png",
"sizes": "192x192",
"type": "image/png"
},
{
"src": "/assets/img/layout/android-chrome-512x512.png",
"src": "/assets/brand/PNG/Favicon/android-chrome-512x512.png",
"sizes": "512x512",
"type": "image/png"
}

View File

@ -1,93 +0,0 @@
Copyright (c) 2015 Sebastien Sanfilippo (www.love-letters.be)
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
http://scripts.sil.org/OFL
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.

View File

@ -1,93 +0,0 @@
Copyright 2020 The DM Mono Project Authors (https://www.github.com/googlefonts/dm-mono)
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
http://scripts.sil.org/OFL
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.

View File

@ -1,16 +0,0 @@
@font-face {
font-family: 'DM Mono';
src: url('DMMono-Regular.woff2') format('woff2');
font-weight: normal;
font-style: normal;
font-display: swap;
}
@font-face {
font-family: 'DM Mono';
src: url('DMMono-Medium.woff2') format('woff2');
font-weight: 500;
font-style: normal;
font-display: swap;
}

View File

@ -1,113 +0,0 @@
## License for USWDSs Modified Version
This font combines Libre Franklin (the “Original Version”) and these GSA modifications into a piece of font software called Public Sans, which is a “Modified Version” of Libre Franklin.
As a work of the United States Government, the font software modifications made by GSA are not subject to copyright within the United States. Additionally, GSA waives copyright and related rights in its font software modifications worldwide through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
The Original Version (as defined in the SIL Open Font License, Version 1.1) remains subject to copyright under the SIL Open Font License, Version 1.1.
This Modified Version (Public Sans) contains both software under the SIL Open Font License, Version 1.1 and software modifications by GSA released as CC0. As a work of the United States Government, the software modifications made by GSA are not subject to copyright within the United States. Additionally, GSA waives copyright and related rights in its software modifications worldwide through the [CC0 1.0 Universal Public Domain Dedication](https://creativecommons.org/publicdomain/zero/1.0/). It is a “joint work” made of the original software and modifications combined into a single work.
**In practice, users of this Modified Version (Public Sans) should use Public Sans according to the terms of the SIL Open Font License, Version 1.1, below.** This is because this font is a combination of work subject to copyright and work not subject to copyright, so the more restrictive requirements apply to using the combined work.
## License of project USWDSs Modified Version is based on
- Libre Franklin is licensed under the SIL Open Font License, Version 1.1 (<http://scripts.sil.org/OFL>)
- To view the copyright and specific terms and conditions of Libre Franklin, please refer to [OFL.txt](https://github.com/impallari/Libre-Franklin/blob/master/OFL.txt)
## SIL Open Font License, Version 1.1
Copyright 2015 The Public Sans Project Authors (https://github.com/uswds/public-sans)
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at http://scripts.sil.org/OFL
```
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.
```

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="color-1" x2="0" gradientUnits="userSpaceOnUse"><stop stop-opacity=".3" offset="0"/><stop stop-opacity="0" offset="1"/></linearGradient></defs><g transform="matrix(.7697 0 0 .7697 -1.5394 -1.5394)" font-family="none" font-size="none" font-weight="none" stroke-miterlimit="10" text-anchor="none" style="mix-blend-mode:normal"><path d="m7 43c-1.1046 0-2-0.89543-2-2v-34c0-1.1046 0.89543-2 2-2h34c1.1046 0 2 0.89543 2 2v34c0 1.1046-0.89543 2-2 2z" fill="#039be5"/><path d="m31.816 16.184h-15.632c-1.0796 0-1.9442 0.87442-1.9442 1.954l-0.0098 11.724c0 1.0796 0.87442 1.954 1.954 1.954h15.632c1.0796 0 1.954-0.87442 1.954-1.954v-11.724c0-1.0796-0.87442-1.954-1.954-1.954zm0 3.908-7.8161 4.885-7.8161-4.885v-1.954l7.8161 4.885 7.8161-4.885z" fill="none" stroke-width="0"/><path d="m33.77 18.138v11.724c0 1.0796-0.87442 1.954-1.954 1.954h-15.632c-1.0796 0-1.954-0.87442-1.954-1.954l0.0098-11.724c0-1.0796 0.86465-1.954 1.9442-1.954h15.632c1.0796 0 1.954 0.87442 1.954 1.954zm-1.954 0-7.8161 4.885-7.8161-4.885v1.954l7.8161 4.885 7.8161-4.885z" fill="#fff" stroke-width="0"/><g fill="none"><path d="m2 24c0-12.15 9.8497-22 22-22s22 9.8497 22 22-9.8497 22-22 22-22-9.8497-22-22z"/><rect x="2" y="2" width="44" height="22"/><path d="m2 24v-22h44v22z"/><path d="m2 24v-22h44v22z"/><path d="m2 24v-22h44v22z"/><path d="m2 24v-22h44v22z"/></g></g></svg>

After

Width:  |  Height:  |  Size: 1.5 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 7.4 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 7.2 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.0 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.9 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 6.1 KiB

View File

@ -1,51 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="100%" height="100%" viewBox="0 0 300 39" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
<g transform="matrix(0.689203,0,0,0.689203,-7.49104,-6.28359)">
<path d="M18.466,16.31C18.279,16.938 18.384,17.673 18.594,19.141L21.253,37.755C21.713,40.971 21.942,42.578 22.551,44.015C23.09,45.289 23.845,46.46 24.783,47.476C25.842,48.623 27.212,49.494 29.952,51.238L33.848,53.717C35.716,54.906 36.65,55.5 37.654,55.732C38.426,55.91 39.224,55.933 40.003,55.801C39.359,54.33 39.002,52.706 39.002,50.997C39.002,44.37 44.375,38.997 51.002,38.997C52.936,38.997 54.763,39.455 56.381,40.267C56.494,39.55 56.612,38.726 56.751,37.755L56.751,37.755L59.41,19.141C59.62,17.673 59.725,16.938 59.538,16.31C59.374,15.756 59.053,15.261 58.615,14.885C58.117,14.458 57.403,14.255 55.977,13.847L40.321,9.374C39.83,9.234 39.585,9.164 39.335,9.136C39.114,9.111 38.891,9.111 38.669,9.136C38.42,9.164 38.174,9.234 37.684,9.374L22.027,13.847C20.601,14.255 19.887,14.458 19.39,14.885C18.951,15.261 18.63,15.756 18.466,16.31Z" style="fill:rgb(40,50,63);"/>
</g>
<g transform="matrix(0.689203,0,0,0.689203,-7.49104,-6.28359)">
<path d="M32.836,13.626C32.946,13.614 33.058,13.614 33.169,13.626C33.265,13.637 33.371,13.663 33.909,13.816L49.565,18.289C50.3,18.5 50.771,18.635 51.123,18.765C51.458,18.89 51.578,18.972 51.638,19.024C51.858,19.212 52.018,19.459 52.1,19.736C52.123,19.813 52.149,19.956 52.126,20.313C52.102,20.688 52.034,21.172 51.925,21.929L49.692,37.56C42.851,38.219 37.502,43.983 37.502,50.997C37.502,52.382 37.711,53.718 38.098,54.976L37.351,55.452C35.388,56.701 34.706,57.11 34.014,57.27C33.348,57.424 32.657,57.424 31.991,57.27C31.298,57.11 30.616,56.701 28.654,55.452L24.758,52.973C21.95,51.186 20.781,50.428 19.886,49.458C19.065,48.569 18.404,47.545 17.932,46.43C17.418,45.215 17.209,43.837 16.738,40.543L14.079,21.929C13.971,21.172 13.903,20.688 13.878,20.313C13.855,19.956 13.881,19.813 13.904,19.736C13.986,19.459 14.147,19.212 14.366,19.024C14.427,18.972 14.547,18.89 14.881,18.765C15.234,18.635 15.704,18.5 16.439,18.289L32.096,13.816C32.633,13.663 32.74,13.637 32.836,13.626ZM54.903,22.301L52.716,37.605C59.363,38.447 64.502,44.122 64.502,50.997C64.502,58.453 58.458,64.497 51.002,64.497C46.01,64.497 41.651,61.787 39.315,57.758L38.962,57.983L38.739,58.124C37.088,59.177 35.947,59.903 34.688,60.194C33.579,60.449 32.426,60.449 31.317,60.194C30.058,59.903 28.917,59.177 27.265,58.124L27.043,57.983L22.954,55.381L22.954,55.381C20.398,53.754 18.873,52.784 17.681,51.493C16.626,50.35 15.776,49.033 15.17,47.6C14.484,45.982 14.229,44.193 13.801,41.194L11.102,22.301C11.003,21.611 10.918,21.012 10.885,20.508C10.85,19.973 10.864,19.435 11.028,18.883C11.274,18.052 11.756,17.31 12.414,16.746C12.851,16.372 13.336,16.139 13.839,15.952C14.312,15.777 14.895,15.611 15.564,15.419L15.615,15.405L31.271,10.932L31.354,10.908C31.764,10.791 32.125,10.687 32.502,10.645C32.835,10.608 33.17,10.608 33.502,10.645C33.88,10.687 34.241,10.791 34.65,10.908L34.733,10.932L50.44,15.419C51.11,15.611 51.692,15.777 52.166,15.952C52.668,16.139 53.154,16.372 53.591,16.746C54.249,17.31 54.73,18.052 54.977,18.883C55.14,19.435 55.155,19.973 55.12,20.508C55.087,21.012 55.001,21.611 54.903,22.3L54.903,22.301ZM51.002,40.497C45.203,40.497 40.502,45.198 40.502,50.997C40.502,56.796 45.203,61.497 51.002,61.497C56.801,61.497 61.502,56.796 61.502,50.997C61.502,45.198 56.801,40.497 51.002,40.497ZM58.154,47.458C58.685,46.821 58.599,45.875 57.962,45.345C57.326,44.815 56.38,44.9 55.85,45.537L49.401,53.275L46.063,49.936C45.477,49.351 44.527,49.351 43.942,49.936C43.356,50.522 43.356,51.472 43.942,52.058L48.442,56.558C48.74,56.856 49.149,57.015 49.57,56.996C49.991,56.977 50.385,56.781 50.654,56.458L58.154,47.458ZM25.502,29.997C25.502,25.855 28.86,22.497 33.002,22.497C37.144,22.497 40.502,25.855 40.502,29.997C40.502,32.451 39.324,34.629 37.502,35.998L37.502,41.997C37.502,44.483 35.488,46.497 33.002,46.497C30.517,46.497 28.502,44.483 28.502,41.997L28.502,35.998C26.681,34.629 25.502,32.451 25.502,29.997ZM34.502,37.497L31.502,37.497L31.502,41.997C31.502,42.826 32.174,43.497 33.002,43.497C33.831,43.497 34.502,42.826 34.502,41.997L34.502,37.497ZM33.002,34.497C35.488,34.497 37.502,32.483 37.502,29.997C37.502,27.512 35.488,25.497 33.002,25.497C30.517,25.497 28.502,27.512 28.502,29.997C28.502,32.483 30.517,34.497 33.002,34.497Z" style="fill:white;"/>
</g>
<g id="Privacy-Guides" serif:id="Privacy Guides" transform="matrix(0.0535473,0,0,0.0533183,-1.21787,-26.5177)">
<g transform="matrix(658.502,0,0,658.502,970.977,1072.74)">
<path d="M0.025,-0L0.378,-0L0.269,-0.084L0.269,-0.297C0.285,-0.295 0.32,-0.293 0.388,-0.293C0.552,-0.293 0.646,-0.401 0.646,-0.521C0.646,-0.625 0.557,-0.719 0.409,-0.719C0.318,-0.719 0.207,-0.718 0.207,-0.718L0.025,-0.718L0.129,-0.637L0.129,-0.08L0.025,-0ZM0.291,-0.667C0.353,-0.667 0.4,-0.668 0.437,-0.648C0.476,-0.625 0.497,-0.571 0.497,-0.506C0.497,-0.346 0.381,-0.343 0.269,-0.343L0.269,-0.667L0.291,-0.667Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,1400.98,1072.74)">
<path d="M0.024,-0L0.294,-0L0.216,-0.07L0.216,-0.26C0.22,-0.32 0.234,-0.363 0.271,-0.401C0.275,-0.356 0.308,-0.33 0.346,-0.33C0.382,-0.33 0.416,-0.364 0.416,-0.411C0.416,-0.464 0.375,-0.489 0.341,-0.489C0.283,-0.489 0.236,-0.44 0.213,-0.374L0.186,-0.501L0.096,-0.441L0.096,-0.44L0.024,-0.392L0.096,-0.348L0.096,-0.07L0.024,-0Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,1674.92,1072.74)">
<path d="M0.024,-0L0.293,-0L0.216,-0.07L0.216,-0.509L0.155,-0.472L0.096,-0.436L0.024,-0.392L0.096,-0.355L0.096,-0.07L0.024,-0ZM0.086,-0.64C0.086,-0.598 0.12,-0.564 0.162,-0.564C0.203,-0.564 0.238,-0.598 0.238,-0.64C0.238,-0.681 0.203,-0.716 0.162,-0.716C0.12,-0.716 0.086,-0.681 0.086,-0.64Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,1875.76,1072.74)">
<path d="M0.572,-0.479L0.439,-0.479L0.438,-0.476L0.438,-0.479L0.342,-0.479L0.408,-0.408L0.296,-0.153L0.182,-0.422L0.251,-0.479L-0.049,-0.479L0.054,-0.401L0.258,0.043L0.278,-0.002L0.279,-0.001L0.461,-0.397L0.572,-0.479Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,2220.16,1072.74)">
<path d="M0.332,-0.341C0.333,-0.254 0.238,-0.243 0.166,-0.226C0.104,-0.211 0.045,-0.17 0.045,-0.1C0.045,-0.055 0.074,0.014 0.167,0.014C0.233,0.014 0.302,-0.023 0.333,-0.077L0.358,-0L0.522,-0L0.446,-0.079C0.446,-0.125 0.447,-0.279 0.447,-0.32C0.447,-0.454 0.355,-0.494 0.268,-0.494L0.252,-0.494C0.149,-0.494 0.061,-0.414 0.061,-0.355C0.061,-0.309 0.085,-0.274 0.129,-0.274C0.165,-0.274 0.198,-0.305 0.198,-0.344C0.198,-0.378 0.187,-0.403 0.144,-0.42C0.158,-0.44 0.205,-0.446 0.235,-0.446C0.285,-0.446 0.329,-0.409 0.333,-0.341L0.332,-0.341ZM0.215,-0.061C0.189,-0.061 0.164,-0.079 0.164,-0.109C0.164,-0.147 0.184,-0.17 0.238,-0.194C0.271,-0.207 0.308,-0.226 0.332,-0.257L0.33,-0.136C0.308,-0.083 0.251,-0.061 0.215,-0.061Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,2569.82,1072.74)">
<path d="M0.279,0.01C0.379,0.01 0.485,-0.072 0.485,-0.185C0.452,-0.119 0.382,-0.091 0.32,-0.091C0.223,-0.091 0.153,-0.158 0.153,-0.28C0.153,-0.376 0.215,-0.442 0.29,-0.442C0.35,-0.442 0.327,-0.385 0.327,-0.345C0.327,-0.295 0.361,-0.272 0.398,-0.272C0.444,-0.272 0.47,-0.309 0.47,-0.349C0.47,-0.43 0.395,-0.489 0.301,-0.489C0.149,-0.489 0.04,-0.384 0.04,-0.224C0.04,-0.091 0.135,0.01 0.279,0.01Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,2908.95,1072.74)">
<path d="M0.572,-0.479L0.439,-0.479L0.438,-0.477L0.438,-0.479L0.342,-0.479L0.407,-0.408L0.294,-0.154L0.175,-0.417L0.251,-0.479L-0.049,-0.479L0.054,-0.401L0.231,-0.014L0.207,0.04C0.194,0.062 0.169,0.122 0.127,0.122C0.095,0.122 0.056,0.102 0.066,0.028L-0.046,0.157C-0.02,0.21 0.019,0.237 0.086,0.237C0.169,0.237 0.217,0.159 0.254,0.071L0.463,-0.398L0.572,-0.479Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,3452.87,1072.74)">
<path d="M0.724,0.032L0.724,-0.262L0.831,-0.342L0.477,-0.342L0.574,-0.271L0.574,-0.182C0.571,-0.094 0.519,-0.048 0.422,-0.048C0.265,-0.048 0.207,-0.196 0.207,-0.368C0.207,-0.54 0.298,-0.665 0.43,-0.665C0.559,-0.665 0.621,-0.554 0.709,-0.418L0.709,-0.743L0.608,-0.664C0.554,-0.711 0.485,-0.734 0.435,-0.734C0.204,-0.734 0.05,-0.589 0.05,-0.337C0.05,-0.135 0.178,0.018 0.397,0.018C0.478,0.018 0.564,-0.003 0.625,-0.068L0.724,0.032ZM0.475,-0.342L0.477,-0.342L0.475,-0.344L0.475,-0.342Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,4009.96,1072.74)">
<path d="M0.505,-0.509L0.444,-0.471L0.444,-0.472L0.313,-0.392L0.385,-0.355L0.385,-0.138C0.379,-0.11 0.36,-0.063 0.293,-0.063C0.219,-0.063 0.201,-0.115 0.2,-0.199L0.201,-0.509L0.14,-0.471L0.14,-0.472L0.009,-0.392L0.08,-0.356L0.08,-0.163C0.08,-0.049 0.145,0.011 0.24,0.011C0.317,0.011 0.361,-0.02 0.392,-0.073L0.415,0.023L0.577,-0.058L0.505,-0.108L0.505,-0.509Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,4403.09,1072.74)">
<path d="M0.024,-0L0.293,-0L0.216,-0.07L0.216,-0.509L0.155,-0.472L0.096,-0.436L0.024,-0.392L0.096,-0.355L0.096,-0.07L0.024,-0ZM0.086,-0.64C0.086,-0.598 0.12,-0.564 0.162,-0.564C0.203,-0.564 0.238,-0.598 0.238,-0.64C0.238,-0.681 0.203,-0.716 0.162,-0.716C0.12,-0.716 0.086,-0.681 0.086,-0.64Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,4603.93,1072.74)">
<path d="M0.259,0.013C0.315,0.013 0.379,-0.01 0.413,-0.063L0.437,0.023L0.599,-0.058L0.527,-0.108L0.527,-0.75L0.491,-0.725L0.491,-0.726L0.335,-0.622L0.407,-0.587L0.407,-0.47C0.377,-0.482 0.346,-0.487 0.318,-0.487C0.154,-0.487 0.041,-0.363 0.041,-0.229C0.041,-0.063 0.152,0.013 0.259,0.013ZM0.326,-0.076C0.237,-0.076 0.165,-0.14 0.165,-0.275C0.165,-0.366 0.216,-0.437 0.297,-0.437C0.361,-0.437 0.4,-0.401 0.407,-0.325L0.407,-0.099C0.379,-0.078 0.346,-0.076 0.326,-0.076Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,5011.54,1072.74)">
<path d="M0.275,0.01C0.38,0.01 0.486,-0.071 0.486,-0.184C0.447,-0.121 0.389,-0.091 0.319,-0.091C0.22,-0.091 0.157,-0.158 0.153,-0.259L0.49,-0.259L0.49,-0.309L0.489,-0.309C0.479,-0.448 0.364,-0.489 0.281,-0.489C0.135,-0.489 0.04,-0.37 0.04,-0.23C0.04,-0.107 0.12,0.01 0.275,0.01ZM0.266,-0.442C0.329,-0.442 0.362,-0.388 0.362,-0.309L0.153,-0.309C0.154,-0.394 0.212,-0.442 0.266,-0.442Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(658.502,0,0,658.502,5353.97,1072.74)">
<path d="M0.218,-0.494C0.13,-0.494 0.054,-0.441 0.054,-0.343C0.054,-0.245 0.112,-0.205 0.206,-0.185C0.253,-0.175 0.322,-0.163 0.322,-0.106C0.322,-0.065 0.28,-0.045 0.247,-0.045C0.211,-0.045 0.184,-0.049 0.156,-0.07C0.111,-0.105 0.084,-0.156 0.052,-0.205L0.053,0.018L0.128,-0.019C0.156,-0.003 0.193,0.01 0.245,0.01C0.359,0.01 0.412,-0.077 0.412,-0.144C0.412,-0.258 0.345,-0.289 0.241,-0.315C0.181,-0.33 0.142,-0.349 0.142,-0.38C0.142,-0.419 0.177,-0.44 0.225,-0.44C0.252,-0.44 0.288,-0.428 0.311,-0.408C0.348,-0.379 0.373,-0.344 0.395,-0.304L0.394,-0.509L0.316,-0.466C0.29,-0.481 0.252,-0.494 0.218,-0.494Z" style="fill:white;fill-rule:nonzero;"/>
</g>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 12 KiB

File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 12 KiB

View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100%" height="100%" version="1.1" viewBox="0 0 33 34" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="M4.581,4.337c-0.113,0.379 -0.049,0.822 0.077,1.707l1.604,11.224c0.277,1.939 0.415,2.909 0.782,3.775c0.325,0.768 0.781,1.474 1.346,2.087c0.638,0.691 1.465,1.217 3.117,2.269l2.349,1.495c1.126,0.716 1.69,1.075 2.295,1.214c0.465,0.108 0.947,0.121 1.416,0.042c-0.388,-0.887 -0.603,-1.867 -0.603,-2.897c0,-3.996 3.24,-7.236 7.236,-7.236c1.166,0 2.268,0.276 3.243,0.766c0.069,-0.432 0.14,-0.929 0.223,-1.514l0,-0.001l1.604,-11.224c0.126,-0.885 0.19,-1.328 0.077,-1.707c-0.099,-0.334 -0.292,-0.632 -0.557,-0.859c-0.3,-0.257 -0.73,-0.38 -1.59,-0.626l-9.441,-2.697c-0.296,-0.085 -0.444,-0.127 -0.594,-0.144c-0.134,-0.015 -0.268,-0.015 -0.402,0c-0.15,0.017 -0.298,0.059 -0.594,0.144l-9.441,2.697c-0.86,0.246 -1.29,0.369 -1.59,0.626c-0.265,0.227 -0.458,0.525 -0.557,0.859Z" style="fill:#fff"/><path d="M13.246,2.719c0.066,-0.007 0.134,-0.007 0.201,0c0.057,0.007 0.122,0.022 0.446,0.114l9.44,2.698c0.444,0.126 0.727,0.208 0.94,0.287c0.202,0.075 0.274,0.124 0.311,0.156c0.132,0.113 0.229,0.262 0.278,0.429c0.014,0.047 0.03,0.133 0.016,0.348c-0.015,0.226 -0.056,0.518 -0.122,0.974l-1.346,9.426c-4.125,0.397 -7.351,3.873 -7.351,8.102c0,0.835 0.126,1.641 0.36,2.4l-0.451,0.286c-1.183,0.753 -1.594,1.001 -2.012,1.097c-0.401,0.092 -0.818,0.092 -1.22,0c-0.417,-0.096 -0.829,-0.344 -2.012,-1.097l-2.349,-1.494c-1.693,-1.078 -2.398,-1.535 -2.938,-2.12c-0.495,-0.536 -0.894,-1.153 -1.178,-1.825c-0.31,-0.733 -0.436,-1.564 -0.72,-3.551l-1.603,-11.224c-0.066,-0.456 -0.107,-0.748 -0.121,-0.974c-0.015,-0.215 0.001,-0.301 0.015,-0.348c0.05,-0.167 0.146,-0.316 0.279,-0.429c0.036,-0.032 0.109,-0.081 0.31,-0.156c0.213,-0.079 0.496,-0.161 0.94,-0.287l9.44,-2.698c0.324,-0.092 0.389,-0.107 0.447,-0.114Zm13.306,5.231l-1.318,9.228c4.007,0.508 7.106,3.93 7.106,8.075c0,4.496 -3.644,8.141 -8.14,8.141c-3.01,0 -5.639,-1.634 -7.048,-4.064l-0.212,0.136l-0.135,0.085c-0.996,0.634 -1.683,1.072 -2.443,1.248c-0.668,0.154 -1.364,0.154 -2.032,0c-0.76,-0.176 -1.447,-0.614 -2.443,-1.248l-0.134,-0.085l-2.466,-1.57l0,0c-1.541,-0.98 -2.461,-1.565 -3.179,-2.344c-0.637,-0.689 -1.149,-1.483 -1.515,-2.347c-0.413,-0.976 -0.567,-2.054 -0.825,-3.863l-1.628,-11.392c-0.059,-0.416 -0.111,-0.778 -0.131,-1.081c-0.021,-0.323 -0.012,-0.648 0.087,-0.98c0.148,-0.501 0.439,-0.949 0.835,-1.289c0.264,-0.226 0.557,-0.366 0.86,-0.478c0.285,-0.106 0.636,-0.206 1.04,-0.322l0.031,-0.009l9.44,-2.697l0.05,-0.014c0.247,-0.071 0.465,-0.133 0.693,-0.159c0.2,-0.022 0.402,-0.022 0.603,0c0.227,0.026 0.445,0.088 0.692,0.159l0.05,0.014l9.471,2.706c0.404,0.116 0.755,0.216 1.04,0.322c0.304,0.112 0.596,0.252 0.86,0.478c0.397,0.34 0.687,0.788 0.835,1.289c0.099,0.332 0.108,0.657 0.087,0.98c-0.02,0.303 -0.072,0.665 -0.131,1.08l0,0.001Zm-2.352,10.972c-3.497,0 -6.332,2.835 -6.332,6.331c0,3.497 2.835,6.332 6.332,6.332c3.497,0 6.331,-2.835 6.331,-6.332c0,-3.496 -2.834,-6.331 -6.331,-6.331Zm4.313,4.197c0.319,-0.384 0.268,-0.954 -0.116,-1.274c-0.384,-0.32 -0.954,-0.268 -1.274,0.116l-3.888,4.666l-2.013,-2.013c-0.354,-0.353 -0.926,-0.353 -1.28,0c-0.353,0.353 -0.353,0.926 0,1.279l2.714,2.713c0.18,0.18 0.427,0.276 0.68,0.264c0.254,-0.011 0.492,-0.129 0.654,-0.324l4.523,-5.427Zm-19.689,-10.529c0,-2.497 2.024,-4.522 4.522,-4.522c2.498,0 4.522,2.025 4.522,4.522c0,1.48 -0.71,2.794 -1.809,3.619l0,3.617c0,1.499 -1.214,2.714 -2.713,2.714c-1.499,0 -2.713,-1.215 -2.713,-2.714l0,-3.617c-1.099,-0.825 -1.809,-2.139 -1.809,-3.619Zm5.426,4.523l-1.808,0l0,2.713c0,0.5 0.405,0.905 0.904,0.905c0.5,0 0.904,-0.405 0.904,-0.905l0,-2.713Zm-0.904,-1.809c1.499,0 2.713,-1.215 2.713,-2.714c0,-1.498 -1.214,-2.713 -2.713,-2.713c-1.499,0 -2.713,1.215 -2.713,2.713c0,1.499 1.214,2.714 2.713,2.714Z" style="fill:#28323f"/></svg>

Before

Width:  |  Height:  |  Size: 3.8 KiB

View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100%" height="100%" version="1.1" viewBox="0 0 33 34" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="M4.581,4.337c-0.113,0.379 -0.049,0.822 0.077,1.707l1.604,11.224c0.277,1.939 0.415,2.909 0.782,3.775c0.325,0.768 0.781,1.474 1.346,2.087c0.638,0.691 1.465,1.217 3.117,2.269l2.349,1.495c1.126,0.716 1.69,1.075 2.295,1.214c0.465,0.108 0.947,0.121 1.416,0.042c-0.388,-0.887 -0.603,-1.867 -0.603,-2.897c0,-3.996 3.24,-7.236 7.236,-7.236c1.166,0 2.268,0.276 3.243,0.766c0.069,-0.432 0.14,-0.929 0.223,-1.514l0,-0.001l1.604,-11.224c0.126,-0.885 0.19,-1.328 0.077,-1.707c-0.099,-0.334 -0.292,-0.632 -0.557,-0.859c-0.3,-0.257 -0.73,-0.38 -1.59,-0.626l-9.441,-2.697c-0.296,-0.085 -0.444,-0.127 -0.594,-0.144c-0.134,-0.015 -0.268,-0.015 -0.402,0c-0.15,0.017 -0.298,0.059 -0.594,0.144l-9.441,2.697c-0.86,0.246 -1.29,0.369 -1.59,0.626c-0.265,0.227 -0.458,0.525 -0.557,0.859Z" style="fill:#ffd06f"/><path d="M13.246,2.719c0.066,-0.007 0.134,-0.007 0.201,0c0.057,0.007 0.122,0.022 0.446,0.114l9.44,2.698c0.444,0.126 0.727,0.208 0.94,0.287c0.202,0.075 0.274,0.124 0.311,0.156c0.132,0.113 0.229,0.262 0.278,0.429c0.014,0.047 0.03,0.133 0.016,0.348c-0.015,0.226 -0.056,0.518 -0.122,0.974l-1.346,9.426c-4.125,0.397 -7.351,3.873 -7.351,8.102c0,0.835 0.126,1.641 0.36,2.4l-0.451,0.286c-1.183,0.753 -1.594,1.001 -2.012,1.097c-0.401,0.092 -0.818,0.092 -1.22,0c-0.417,-0.096 -0.829,-0.344 -2.012,-1.097l-2.349,-1.494c-1.693,-1.078 -2.398,-1.535 -2.938,-2.12c-0.495,-0.536 -0.894,-1.153 -1.178,-1.825c-0.31,-0.733 -0.436,-1.564 -0.72,-3.551l-1.603,-11.224c-0.066,-0.456 -0.107,-0.748 -0.121,-0.974c-0.015,-0.215 0.001,-0.301 0.015,-0.348c0.05,-0.167 0.146,-0.316 0.279,-0.429c0.036,-0.032 0.109,-0.081 0.31,-0.156c0.213,-0.079 0.496,-0.161 0.94,-0.287l9.44,-2.698c0.324,-0.092 0.389,-0.107 0.447,-0.114Zm13.306,5.231l-1.318,9.228c4.007,0.508 7.106,3.93 7.106,8.075c0,4.496 -3.644,8.141 -8.14,8.141c-3.01,0 -5.639,-1.634 -7.048,-4.064l-0.212,0.136l-0.135,0.085c-0.996,0.634 -1.683,1.072 -2.443,1.248c-0.668,0.154 -1.364,0.154 -2.032,0c-0.76,-0.176 -1.447,-0.614 -2.443,-1.248l-0.134,-0.085l-2.466,-1.57l0,0c-1.541,-0.98 -2.461,-1.565 -3.179,-2.344c-0.637,-0.689 -1.149,-1.483 -1.515,-2.347c-0.413,-0.976 -0.567,-2.054 -0.825,-3.863l-1.628,-11.392c-0.059,-0.416 -0.111,-0.778 -0.131,-1.081c-0.021,-0.323 -0.012,-0.648 0.087,-0.98c0.148,-0.501 0.439,-0.949 0.835,-1.289c0.264,-0.226 0.557,-0.366 0.86,-0.478c0.285,-0.106 0.636,-0.206 1.04,-0.322l0.031,-0.009l9.44,-2.697l0.05,-0.014c0.247,-0.071 0.465,-0.133 0.693,-0.159c0.2,-0.022 0.402,-0.022 0.603,0c0.227,0.026 0.445,0.088 0.692,0.159l0.05,0.014l9.471,2.706c0.404,0.116 0.755,0.216 1.04,0.322c0.304,0.112 0.596,0.252 0.86,0.478c0.397,0.34 0.687,0.788 0.835,1.289c0.099,0.332 0.108,0.657 0.087,0.98c-0.02,0.303 -0.072,0.665 -0.131,1.08l0,0.001Zm-2.352,10.972c-3.497,0 -6.332,2.835 -6.332,6.331c0,3.497 2.835,6.332 6.332,6.332c3.497,0 6.331,-2.835 6.331,-6.332c0,-3.496 -2.834,-6.331 -6.331,-6.331Zm4.313,4.197c0.319,-0.384 0.268,-0.954 -0.116,-1.274c-0.384,-0.32 -0.954,-0.268 -1.274,0.116l-3.888,4.666l-2.013,-2.013c-0.354,-0.353 -0.926,-0.353 -1.28,0c-0.353,0.353 -0.353,0.926 0,1.279l2.714,2.713c0.18,0.18 0.427,0.276 0.68,0.264c0.254,-0.011 0.492,-0.129 0.654,-0.324l4.523,-5.427Zm-19.689,-10.529c0,-2.497 2.024,-4.522 4.522,-4.522c2.498,0 4.522,2.025 4.522,4.522c0,1.48 -0.71,2.794 -1.809,3.619l0,3.617c0,1.499 -1.214,2.714 -2.713,2.714c-1.499,0 -2.713,-1.215 -2.713,-2.714l0,-3.617c-1.099,-0.825 -1.809,-2.139 -1.809,-3.619Zm5.426,4.523l-1.808,0l0,2.713c0,0.5 0.405,0.905 0.904,0.905c0.5,0 0.904,-0.405 0.904,-0.905l0,-2.713Zm-0.904,-1.809c1.499,0 2.713,-1.215 2.713,-2.714c0,-1.498 -1.214,-2.713 -2.713,-2.713c-1.499,0 -2.713,1.215 -2.713,2.713c0,1.499 1.214,2.714 2.713,2.714Z" style="fill:#28323f"/></svg>

Before

Width:  |  Height:  |  Size: 3.8 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 18 KiB

File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 12 KiB

View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" width="1333.333" height="1333.333" preserveAspectRatio="xMidYMid meet" version="1.0" viewBox="0 0 1000 1000"><metadata>Created by potrace 1.11, written by Peter Selinger 2001-2013</metadata><g fill="#000" stroke="none"><path d="M4514 8518 c-59 -6 -1852 -510 -2454 -689 -284 -85 -405 -176 -496 -373 -43 -95 -58 -186 -50 -305 6 -99 414 -2975 461 -3251 49 -291 95 -444 191 -630 158 -310 334 -501 684 -742 159 -109 1087 -697 1199 -760 205 -113 334 -150 531 -151 246 -1 385 50 722 261 81 51 150 92 155 92 4 0 30 -34 57 -76 69 -108 151 -207 258 -313 516 -509 1272 -671 1959 -421 258 94 471 231 675 434 360 361 545 803 547 1311 1 174 -10 286 -44 435 -163 721 -756 1286 -1489 1419 -90 17 -95 19 -93 42 1 13 75 533 164 1154 180 1259 185 1306 140 1435 -33 94 -76 164 -148 241 -76 80 -166 130 -328 182 -300 95 -2441 699 -2502 705 -37 4 -100 4 -139 0z m1248 -737 c1456 -416 1379 -392 1424 -443 46 -50 57 -87 51 -170 -6 -67 -318 -2288 -333 -2359 -5 -25 -10 -27 -95 -39 -595 -81 -1143 -483 -1409 -1034 -193 -400 -241 -860 -134 -1275 14 -52 21 -97 17 -101 -18 -17 -340 -215 -406 -250 -115 -61 -168 -75 -287 -75 -198 0 -199 0 -975 495 -620 395 -730 473 -853 605 -87 93 -150 181 -213 300 -87 165 -125 294 -173 590 -57 359 -438 3057 -443 3140 -5 72 -2 97 10 122 33 62 71 89 178 123 204 65 2435 699 2461 700 15 0 546 -148 1180 -329z m1548 -3426 c394 -59 762 -294 985 -630 151 -228 230 -471 242 -747 18 -401 -123 -774 -400 -1065 -393 -411 -978 -556 -1514 -377 -527 176 -905 632 -984 1185 -15 110 -6 387 16 489 84 384 307 712 630 925 301 198 658 275 1025 220z" transform="translate(0.000000,1000.000000) scale(0.100000,-0.100000)"/><path d="M4495 6869 c-350 -26 -671 -241 -835 -560 -212 -413 -131 -896 207 -1225 l93 -91 0 -450 c0 -415 2 -456 20 -527 51 -202 201 -369 392 -436 138 -48 277 -49 415 -1 183 63 328 210 391 396 l27 80 3 474 3 473 32 26 c178 144 318 379 363 611 17 91 19 270 4 367 -33 206 -135 403 -292 561 -215 219 -505 324 -823 302z m281 -443 c189 -60 338 -209 401 -400 23 -69 27 -98 26 -196 0 -129 -22 -212 -85 -318 -152 -258 -488 -370 -769 -256 -410 167 -520 702 -208 1015 170 171 404 228 635 155z m14 -1970 l0 -334 -28 -53 c-22 -43 -38 -59 -82 -82 -48 -25 -63 -28 -114 -24 -73 7 -130 43 -163 106 -23 44 -23 48 -23 383 l0 338 205 0 205 0 0 -334z" transform="translate(0.000000,1000.000000) scale(0.100000,-0.100000)"/><path d="M7835 3732 c-55 -27 -68 -42 -525 -592 -221 -267 -413 -496 -426 -510 l-24 -24 -247 245 c-271 269 -279 275 -383 267 -127 -9 -208 -121 -180 -248 12 -55 15 -58 354 -398 192 -194 358 -352 380 -364 78 -40 180 -22 244 45 75 79 1063 1273 1077 1303 8 18 15 59 15 92 0 51 -5 67 -32 108 -57 83 -168 116 -253 76z" transform="translate(0.000000,1000.000000) scale(0.100000,-0.100000)"/></g></svg>

Before

Width:  |  Height:  |  Size: 2.7 KiB

View File

@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="100%" height="100%" version="1.1" viewBox="0 0 50 50" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><g><path d="M18.466,16.31C18.279,16.938 18.384,17.673 18.594,19.141L21.253,37.755C21.713,40.971 21.942,42.578 22.551,44.015C23.09,45.289 23.845,46.46 24.783,47.476C25.842,48.623 27.212,49.494 29.952,51.238L33.848,53.717C35.716,54.906 36.65,55.5 37.654,55.732C38.426,55.91 39.224,55.933 40.003,55.801C39.359,54.33 39.002,52.706 39.002,50.997C39.002,44.37 44.375,38.997 51.002,38.997C52.936,38.997 54.763,39.455 56.381,40.267C56.494,39.55 56.612,38.726 56.751,37.755L59.41,19.141C59.62,17.673 59.725,16.938 59.538,16.31C59.374,15.756 59.053,15.261 58.615,14.885C58.117,14.458 57.403,14.255 55.977,13.847L40.321,9.374C39.83,9.234 39.585,9.164 39.335,9.136C39.114,9.111 38.891,9.111 38.669,9.136C38.42,9.164 38.174,9.234 37.684,9.374L22.027,13.847C20.601,14.255 19.887,14.458 19.39,14.885C18.951,15.261 18.63,15.756 18.466,16.31Z" transform="matrix(0.902851,0,0,0.902851,-9.0245,-8.23146)" style="fill:#fff"/></g><g><path d="M32.836,13.626C32.946,13.614 33.058,13.614 33.169,13.626C33.265,13.637 33.371,13.663 33.909,13.816L49.565,18.289C50.3,18.5 50.771,18.635 51.123,18.765C51.458,18.89 51.578,18.972 51.638,19.024C51.858,19.212 52.018,19.459 52.1,19.736C52.123,19.813 52.149,19.956 52.126,20.313C52.102,20.688 52.034,21.172 51.925,21.929L49.692,37.56C42.851,38.219 37.502,43.983 37.502,50.997C37.502,52.382 37.711,53.718 38.098,54.976L37.351,55.452C35.388,56.701 34.706,57.11 34.014,57.27C33.348,57.424 32.657,57.424 31.991,57.27C31.298,57.11 30.616,56.701 28.654,55.452L24.758,52.973C21.95,51.186 20.781,50.428 19.886,49.458C19.065,48.569 18.404,47.545 17.932,46.43C17.418,45.215 17.209,43.837 16.738,40.543L14.079,21.929C13.971,21.172 13.903,20.688 13.878,20.313C13.855,19.956 13.881,19.813 13.904,19.736C13.986,19.459 14.147,19.212 14.366,19.024C14.427,18.972 14.547,18.89 14.881,18.765C15.234,18.635 15.704,18.5 16.439,18.289L32.096,13.816C32.633,13.663 32.74,13.637 32.836,13.626ZM54.903,22.301L52.716,37.605C59.363,38.447 64.502,44.122 64.502,50.997C64.502,58.453 58.458,64.497 51.002,64.497C46.01,64.497 41.651,61.787 39.315,57.758L38.962,57.983L38.739,58.124C37.088,59.177 35.947,59.903 34.688,60.194C33.579,60.449 32.426,60.449 31.317,60.194C30.058,59.903 28.917,59.177 27.265,58.124L27.043,57.983L22.954,55.381C20.398,53.754 18.873,52.784 17.681,51.493C16.626,50.35 15.776,49.033 15.17,47.6C14.484,45.982 14.229,44.193 13.801,41.194L11.102,22.301C11.003,21.611 10.918,21.012 10.885,20.508C10.85,19.973 10.864,19.435 11.028,18.883C11.274,18.052 11.756,17.31 12.414,16.746C12.851,16.372 13.336,16.139 13.839,15.952C14.312,15.777 14.895,15.611 15.564,15.419L15.615,15.405L31.271,10.932L31.354,10.908C31.764,10.791 32.125,10.687 32.502,10.645C32.835,10.608 33.17,10.608 33.502,10.645C33.88,10.687 34.241,10.791 34.65,10.908L34.733,10.932L50.44,15.419C51.11,15.611 51.692,15.777 52.166,15.952C52.668,16.139 53.154,16.372 53.591,16.746C54.249,17.31 54.73,18.052 54.977,18.883C55.14,19.435 55.155,19.973 55.12,20.508C55.087,21.012 55.001,21.611 54.903,22.3L54.903,22.301ZM51.002,40.497C45.203,40.497 40.502,45.198 40.502,50.997C40.502,56.796 45.203,61.497 51.002,61.497C56.801,61.497 61.502,56.796 61.502,50.997C61.502,45.198 56.801,40.497 51.002,40.497ZM58.154,47.458C58.685,46.821 58.599,45.875 57.962,45.345C57.326,44.815 56.38,44.9 55.85,45.537L49.401,53.275L46.063,49.936C45.477,49.351 44.527,49.351 43.942,49.936C43.356,50.522 43.356,51.472 43.942,52.058L48.442,56.558C48.74,56.856 49.149,57.015 49.57,56.996C49.991,56.977 50.385,56.781 50.654,56.458L58.154,47.458ZM25.502,29.997C25.502,25.855 28.86,22.497 33.002,22.497C37.144,22.497 40.502,25.855 40.502,29.997C40.502,32.451 39.324,34.629 37.502,35.998L37.502,41.997C37.502,44.483 35.488,46.497 33.002,46.497C30.517,46.497 28.502,44.483 28.502,41.997L28.502,35.998C26.681,34.629 25.502,32.451 25.502,29.997ZM34.502,37.497L31.502,37.497L31.502,41.997C31.502,42.826 32.174,43.497 33.002,43.497C33.831,43.497 34.502,42.826 34.502,41.997L34.502,37.497ZM33.002,34.497C35.488,34.497 37.502,32.483 37.502,29.997C37.502,27.512 35.488,25.497 33.002,25.497C30.517,25.497 28.502,27.512 28.502,29.997C28.502,32.483 30.517,34.497 33.002,34.497Z" transform="matrix(0.902851,0,0,0.902851,-9.0245,-8.23146)" style="fill:#28323f"/></g></svg>

Before

Width:  |  Height:  |  Size: 4.3 KiB

View File

@ -1,12 +1,12 @@
@font-face {
font-family: 'Bagnard';
src: url("/assets/fonts/bagnard/Bagnard.woff") format("woff");
src: url("/assets/brand/WOFF/bagnard/Bagnard.woff") format("woff");
font-display: swap;
}
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-Bold.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-Bold.woff2') format('woff2');
font-weight: bold;
font-style: normal;
font-display: swap;
@ -14,7 +14,7 @@
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-BoldItalic.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-BoldItalic.woff2') format('woff2');
font-weight: bold;
font-style: italic;
font-display: swap;
@ -22,7 +22,7 @@
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-Light.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-Light.woff2') format('woff2');
font-weight: 300;
font-style: normal;
font-display: swap;
@ -30,7 +30,7 @@
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-Italic.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-Italic.woff2') format('woff2');
font-weight: normal;
font-style: italic;
font-display: swap;
@ -38,7 +38,7 @@
@font-face {
font-family: 'Public Sans';
src: url('/assets/fonts/public_sans/PublicSans-Regular.woff2') format('woff2');
src: url('/assets/brand/WOFF/public_sans/PublicSans-Regular.woff2') format('woff2');
font-weight: normal;
font-style: normal;
font-display: swap;
@ -46,7 +46,7 @@
@font-face {
font-family: 'DM Mono';
src: url('/assets/fonts/dm_mono/DMMono-Regular.woff2') format('woff2');
src: url('/assets/brand/WOFF/dm_mono/DMMono-Regular.woff2') format('woff2');
font-weight: normal;
font-style: normal;
font-display: swap;
@ -54,7 +54,7 @@
@font-face {
font-family: 'DM Mono';
src: url('/assets/fonts/dm_mono/DMMono-Medium.woff2') format('woff2');
src: url('/assets/brand/WOFF/dm_mono/DMMono-Medium.woff2') format('woff2');
font-weight: 500;
font-style: normal;
font-display: swap;
@ -79,7 +79,7 @@
/* Better contrast link colors */
[data-md-color-scheme="default"] > * {
--md-typeset-a-color: #3C00E0;
--md-typeset-a-color: rgb(79, 70, 229);
}
[data-md-color-scheme="slate"] {
@ -90,6 +90,7 @@
.md-typeset .md-button {
color: var(--md-typeset-a-color);
margin-bottom: 5px;
border-radius: 6px;
}
.md-typeset .md-button--primary {
color: white;
@ -107,9 +108,13 @@ h1, h2, h3, .md-header__topic {
/* Recommendation cards */
.md-typeset .admonition.recommendation,
.md-typeset details.recommendation {
border: none;
border: 1px solid #ccc;
font-size: inherit;
}
[data-md-color-scheme="slate"] .md-typeset .admonition.recommendation,
[data-md-color-scheme="slate"] .md-typeset details.recommendation {
border: 1px solid #666;
}
.md-typeset .recommendation > .admonition-title,
.md-typeset .recommendation > summary {
background-color: rgba(43, 155, 70, 0.0);
@ -146,8 +151,8 @@ h1, h2, h3, .md-header__topic {
right:auto;
}
.downloads p > a:not(:last-child) {
padding-right: 0.5em;
.downloads p > a {
padding-left: 0.5em;
}
details[class="downloads annotate"] > p .md-annotation span span::before {
vertical-align: 0;
@ -240,9 +245,55 @@ details[class="downloads annotate"] > p .md-annotation span span::before {
}
[data-md-color-scheme="slate"] .pg-blue-gray {
color: #9ab2bc;
}
/* Make light/dark mode icon smaller */
label[class="md-header__button md-icon"] svg {
height: 1rem;
width: 1rem;
}
.md-typeset :is(.admonition, details) {
box-shadow: none;
border-radius: 6px;
border: 1px solid;
border-left-width: 1px!important;
}
.md-typeset :is(.admonition-title, summary) {
margin-left: -0.6rem!important;
}
.md-typeset details:not(.downloads, [open]) summary:hover {
box-shadow: inset 0 0 100px 100px rgba(255, 255, 255, 0.6);
}
[data-md-color-scheme="slate"] .md-typeset details:not(.downloads, [open]) summary:hover {
box-shadow: inset 0 0 100px 100px rgba(255, 255, 255, 0.1);
}
[data-md-color-scheme="default"] .md-search__form {
background-color: hsla(0,0%,100%,.3);
}
.md-search__form:hover {
background-color: hsla(0,0%,100%,.9);
}
[data-md-color-scheme="slate"] .md-search__form:hover {
background-color: rgba(0, 0, 0, 0.4);
}
.md-search__form, .md-typeset .grid.cards > :is(ul, ol) > li, .md-typeset .grid > .card {
border-radius: 6px;
}
[data-md-toggle="search"]:checked ~ .md-header .md-search__form {
border-radius: 6px 6px 0 0;
box-shadow: none;
}
[data-md-toggle="search"]:checked ~ .md-header .md-search__output {
border-radius: 0 0 6px 6px;
box-shadow: none;
}
.md-tooltip {
border-radius: 6px;
box-shadow: none;
border: 1px solid rgba(128, 128, 128, 0.3);
}
.md-typeset .grid.cards > :is(ul, ol) > li:is(:focus-within, :hover), .md-typeset .grid > .card:is(:focus-within, :hover) {
box-shadow: none;
border-color: rgba(128, 128, 128, 0.5);
}

View File

@ -50,7 +50,7 @@ For the account email, either create a new alternate email account via your prov
You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some.
For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](security/multi-factor-authentication) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](/passwords/#local-password-managers) can be useful for this).
For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](basics/multi-factor-authentication) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](/passwords/#local-password-managers) can be useful for this).
If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password.

View File

@ -0,0 +1,42 @@
---
title: Email Security
icon: material/email
---
Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed.
As a result, email is best used for receiving transactional emails (like notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with others.
## Email Encryption Overview
The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org).
There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however, it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480).
Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible.
### What Email Clients Support E2EE?
Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). This can be less secure as you are now relying on email providers to ensure that their encryption implementation works and has not been compromised in anyway.
### How Do I Protect My Private Keys?
A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message, and includes some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account.
Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent.
### Who Can View Email Metadata?
Email metadata is protected from outside observers with [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) protecting it from outside observers, but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages.
### Why Can't Metadata be E2EE?
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
--8<-- "includes/abbreviations.en.md"

View File

@ -11,11 +11,11 @@ To erase a storage device **thoroughly**, you should securely erase the whole de
## Erasing Your Entire Drive
When you delete a file, the operating system marks the space where the deleted file was as "empty". That "empty" space can be fairly easily undeleted, yielding the original file.
When you delete a file, the operating system marks the space where the deleted file was as "empty." That "empty" space can be fairly easily undeleted, yielding the original file.
### Magnetic storage
If the disk is a magnetic storage device such as spinning hard disk we suggest using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe). `nwipe` can be installed in most Linux distributions. If you wish to use a complete boot environment on a system, consider using [ShredOS Disk Eraser](https://github.com/PartialVolume/shredos.x86_64). ShredOS boots straight into `nwipe` and allows you to erase available disks. To install it to a flash USB stick see the [installation methods](https://github.com/PartialVolume/shredos.x86_64/blob/master/README.md#obtaining-and-writing-shredos-to-a-usb-flash-drive-the-easy-way-).
If the disk is a magnetic storage device, such as a spinning hard disk, we suggest using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe). `nwipe` can be installed in most Linux distributions. If you wish to use a complete boot environment on a system, consider using [ShredOS Disk Eraser](https://github.com/PartialVolume/shredos.x86_64). ShredOS boots straight into `nwipe` and allows you to erase available disks. To install it to a flash USB stick see the [installation methods](https://github.com/PartialVolume/shredos.x86_64/blob/master/README.md#obtaining-and-writing-shredos-to-a-usb-flash-drive-the-easy-way-).
Once you have your boot media, enter your system's UEFI settings and boot from the USB stick. Commonly used keys to access UEFI are ++f2++, ++f12++, or ++del++. Follow the on-screen prompts to wipe your data.
@ -33,6 +33,6 @@ Physical destruction may be necessary to securely erase devices such as memory c
Securely shredding **individual files** is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, [wear leveling](https://en.wikipedia.org/wiki/Wear_leveling) (on modern [flash storage](https://en.wikipedia.org/wiki/Solid-state_drive)), caching and filesystem [journaling](https://en.wikipedia.org/wiki/Journaling_file_system).
Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, therefore shredding may not provide adequate security.
Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, so shredding may not provide adequate security.
--8<-- "includes/abbreviations.en.md"

View File

@ -0,0 +1,86 @@
---
title: VPN Overview
icon: material/vpn
---
Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (ie. modem).
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](/basics/dns.md/#why-shouldnt-i-use-encrypted-dns).
A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it.
## Should I use a VPN?
**Yes**, unless you are already using Tor. A VPN does 2 things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third party service.
VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way.
However, they do hide your actual IP from a third party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking.
## What about encryption?
Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption.
In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf).
## Should I use encrypted DNS with a VPN?
Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third party servers will simply add more entities to trust, and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider.
A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different.
Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit, and would allow the encrypted DNS provider to deanonymize you.
## Should I use Tor *and* a VPN?
By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required).
## What if I need anonymity?
VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
## What about VPN providers that provides Tor nodes?
Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [http3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
Thus, this feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For true anonymity, use the Tor Browser Bundle, TorSocks, or a Tor gateway.
## When are VPNs useful?
A VPN may still be useful to you in a variety of scenarios, such as:
1. Hiding your traffic from **only** your Internet Service Provider.
2. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
3. Hiding your IP from third party websites and services, preventing IP based tracking.
For use cases like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor.
## Sources and Further Reading
1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
2. [The self-contained networks](../self-contained-networks.md) recommended by Privacy Guides are able to replace a VPN that allows access to services on local area network
3. [Slicing Onions: Part 1 Myth-busting Tor](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904) by blacklight447
4. [Slicing Onions: Part 2 Onion recipes; VPN not required](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required) by blacklight447
5. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
6. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
## Related VPN Information
- [The Trouble with VPN and Privacy Review Sites](https://medium.com/privacyguides/the-trouble-with-vpn-and-privacy-review-sites-ae9b29eda8fd)
- [Proxy.sh VPN Provider Sniffed Server Traffic to Catch Hacker](https://torrentfreak.com/proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930/)
- [blackVPN announced to delete connection logs after disconnection](https://medium.com/@blackVPN/no-logs-6d65d95a3016)
- [Don't use LT2P IPSec, use other protocols.](https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa)
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
## VPN Security Breaches
Some examples of why external security auditing is important:
- ["Zero logs" VPN exposes millions of logs including user passwords, claims data is anonymous](https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/) July 2020
- [NordVPN HTTP POST bug exposed customer information, no authentication required](https://www.zdnet.com/article/nordvpn-http-post-bug-exposed-sensitive-customer-information/) March 2020
- [Row erupts over who to blame after NordVPN says: One of our servers was hacked via remote management tool](https://www.theregister.com/2019/10/21/nordvpn_security_issue/) October 2019
- [VPN servers seized by Ukrainian authorities weren't encrypted and allowed authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them](https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/) July 2021
--8<-- "includes/abbreviations.en.md"

View File

@ -7,7 +7,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
??? Attention "Email does not provide forward secrecy"
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email.
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](email.md#email-encryption-overview). Consider using a medium that provides forward secrecy:
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](basics/email-security.md). Consider using a medium that provides forward secrecy:
[Real-time Communication](real-time-communication.md){ .md-button }
@ -123,6 +123,25 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
[:pg-f-droid:](https://f-droid.org/packages/com.fsck.k9){ .card-link title=F-Droid }
[:fontawesome-brands-github:](https://github.com/k9mail/k-9/releases){ .card-link title=GitHub }
## FairEmail
!!! recommendation
![FairEmail logo](assets/img/email-clients/fairemail.svg){ align=right }
**FairEmail** is a minimal, open source email app, using open standards (IMAP, SMTP, OpenPGP) with a low data and battery usage.
[:octicons-home-16: Homepage](https://email.faircode.eu){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/M66B/FairEmail/blob/master/FAQ.md){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/M66B/FairEmail){ .card-link title="Source Code" }
[:octicons-heart-16:](https://email.faircode.eu/donate/){ .card-link title=Contribute }
??? downloads
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=eu.faircode.email){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/eu.faircode.email/){ .card-link title=F-Droid }
## Canary Mail
!!! recommendation
@ -136,7 +155,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry
[:octicons-info-16:](https://canarymail.zendesk.com/){ .card-link title=Documentation}
??? downloads
[:fontawesome-brands-app-store:](https://apps.apple.com/app/id1236045954){ .card-link title="Mac App Store" }
[:fontawesome-brands-app-store-ios:](https://apps.apple.com/app/id1236045954){ .card-link title="App Store" }
[:fontawesome-brands-windows:](https://canarymail.io/downloads.html){ .card-link title=Windows }

View File

@ -294,7 +294,7 @@ Advanced system administrators may consider setting up their own email server. M
![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
**Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
[:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
@ -304,7 +304,7 @@ Advanced system administrators may consider setting up their own email server. M
![Mailcow logo](assets/img/email/mailcow.svg){ align=right }
**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mailserver with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.
[:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
@ -349,6 +349,7 @@ We prefer our recommended providers to collect as little data as possible.
- Protect sender's IP address. Filter it from showing in the `Received` header field.
- Don't require personally identifiable information (PII) besides username and password.
- Privacy policy that meets the requirements defined by the GDPR
- Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/).
**Best Case:**
@ -422,59 +423,5 @@ Must not have any marketing which is irresponsible:
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
## Email Encryption Overview
### What is end-to-end encryption (E2EE) in email?
E2EE is a way of encrypting email contents so that nobody but the recipient(s) can read the email message.
### How can I encrypt my email?
The standard way to do email E2EE and have it work between different email providers is with OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org).
There is another standard that was popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480).
### What software can I use to get E2EE?
Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](email-clients.md). This can be less secure as you are now relying on email providers to ensure that their encryption implementation works and has not been compromised in anyway.
### How do I protect my private keys?
A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
### Who can see the email metadata?
Email metadata is able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients. Sometimes email servers will also use external parties to protect against spam.
### What is email metadata?
Email software will often show some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`.
### When is email metadata used?
Client software may use it to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent.
### Where is the email metadata?
Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message.
### Why can't email metadata be E2EE?
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally and is also optional, therefore, only the message content is protected.
### How is my metadata protected?
When emails travel between email providers an encrypted connection is negotiated using [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS). This protects the metadata from outside observers, but as it is not E2EE, server administrators can snoop on the metadata of an email.
## Additional Reading
- [An NFC PGP SmartCard For Android](https://www.grepular.com/An_NFC_PGP_SmartCard_For_Android)
- [Aging 'Privacy' Law Leaves Cloud E-Mail Open to Cops (2011)](https://www.wired.com/2011/10/ecpa-turns-twenty-five/)
- [The Government Can (Still) Read Most Of Your Emails Without A Warrant (2013)](https://thinkprogress.org/the-government-can-still-read-most-of-your-emails-without-a-warrant-322fe6defc7b/)
--8<-- "includes/abbreviations.en.md"

View File

@ -314,7 +314,7 @@ When encrypting with PGP, you have the option to configure different options in
![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right }
**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients, such as [K-9 Mail](email-clients.md#k-9-mail), and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }

View File

@ -38,11 +38,11 @@ Some distributions like Arch Linux have the [linux-hardened](https://github.com/
LKRG is a kernel module that performs runtime integrity check on the kernel to help detect detect exploits against the kernel. LKRG works in a *post*-detect fashion, attempting to respond to unauthorized modifications to the running Linux kernel. While it is [bypassable by design](https://lkrg.org/), it does stop off-the-shelf malware that does not specifically target LKRG itself. This may make exploits harder to develop and execute on vulnerable systems.
If you can get LKRG and maintain module updates it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions on how this can be achieved. There is no LKRG package for Fedora yet, however the Qubes OS project has a COPR repository which [may become]((https://github.com/QubesOS/qubes-issues/issues/5461) part of the main distribution in the future. Archlinux based systems provide LKRG DKMS modules via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
If you can get LKRG and maintain module updates it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions on how this can be achieved. There is no LKRG package for Fedora yet, however the Qubes OS project has a COPR repository which [may become](https://github.com/QubesOS/qubes-issues/issues/5461) part of the main distribution in the future. Archlinux based systems provide LKRG DKMS modules via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
## GRSecurity
GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access]((https://github.com/QubesOS/qubes-issues/issues/5461) the code.
GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access](https://github.com/QubesOS/qubes-issues/issues/5461) the code.
## Simultaneous multithreading (SMT)

View File

@ -85,7 +85,7 @@ The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matr
??? downloads
[:pg-flathub: Flatpak](https://flathub.org/apps/details/org.briarproject.Briar){ .card-link title=Flatpak }
[:pg-flathub:](https://flathub.org/apps/details/org.briarproject.Briar){ .card-link title=Flatpak }
[:fontawesome-brands-google-play:](https://play.google.com/store/apps/details?id=org.briarproject.briar.android){ .card-link title="Google Play" }
[:pg-f-droid:](https://f-droid.org/packages/org.briarproject.briar.android){ .card-link title=F-Droid }

View File

@ -255,6 +255,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
- ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact)
- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope)
- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail)
- ![FairEmail logo](assets/img/email-clients/fairemail.svg){ .twemoji } [FairEmail (Android)](email-clients.md#fairemail)
- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail)
- ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt)

View File

@ -19,7 +19,7 @@ Find a no-logging VPN operator who isnt out to sell or read your web traffic.
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved.
[More Info](#vpn-overview){ .md-button }
[More Info](basics/vpn-overview.md){ .md-button }
## Recommended Providers
@ -300,78 +300,4 @@ Responsible marketing that is both educational and useful to the consumer could
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.
## VPN Overview
### Should I use a VPN?
**Yes**, unless you are already using Tor. A VPN does 2 things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third party service.
VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way.
However, they do hide your actual IP from a third party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking.
### What about encryption?
Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption.
In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf).
### Should I use encrypted DNS with a VPN?
Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third party servers will simply add more entities to trust, and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider.
A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different.
Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit, and would allow the encrypted DNS provider to deanonymize you.
### Should I use Tor *and* a VPN?
By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required).
### What if I need anonymity?
VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
### What about VPN providers that provides Tor nodes?
Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [http3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non TCP packets through their VPN server (your first hop). This is the case with [Proton VPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
Thus, this feature should be viewed as a convenient way to access the Tor Network, not to stay annonymous. For true anonimity, use the Tor Browser Bundle, TorSocks, or a Tor gateway.
### When are VPNs useful?
A VPN may still be useful to you in a variety of scenarios, such as:
1. Hiding your traffic from **only** your Internet Service Provider.
2. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
3. Hiding your IP from third party websites and services, preventing IP based tracking.
For use cases like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor.
### Sources and Further Reading
1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
2. [The self-contained networks](self-contained-networks.md) recommended by Privacy Guides are able to replace a VPN that allows access to services on local area network
3. [Slicing Onions: Part 1 Myth-busting Tor](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904) by blacklight447
4. [Slicing Onions: Part 2 Onion recipes; VPN not required](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required) by blacklight447
5. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
6. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
## Related VPN information
- [The Trouble with VPN and Privacy Review Sites](https://medium.com/privacyguides/the-trouble-with-vpn-and-privacy-review-sites-ae9b29eda8fd)
- [Proxy.sh VPN Provider Sniffed Server Traffic to Catch Hacker](https://torrentfreak.com/proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930/)
- [blackVPN announced to delete connection logs after disconnection](https://medium.com/@blackVPN/no-logs-6d65d95a3016)
- [Don't use LT2P IPSec, use other protocols.](https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa)
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
## VPN Related breaches - why external auditing is important
- ["Zero logs" VPN exposes millions of logs including user passwords, claims data is anonymous](https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/) July 2020
- [NordVPN HTTP POST bug exposed customer information, no authentication required](https://www.zdnet.com/article/nordvpn-http-post-bug-exposed-sensitive-customer-information/) March 2020
- [Row erupts over who to blame after NordVPN says: One of our servers was hacked via remote management tool](https://www.theregister.com/2019/10/21/nordvpn_security_issue/) October 2019
- [VPN servers seized by Ukrainian authorities weren't encrypted and allowed authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them](https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/) July 2021
--8<-- "includes/abbreviations.en.md"

View File

@ -49,8 +49,8 @@ edit_uri: edit/main/docs/
theme:
name: material
custom_dir: theme
logo: assets/logo.svg
favicon: assets/img/layout/favicon.ico
logo: assets/brand/SVG/Logo/privacy-guides-logo-notext-colorbg.svg
favicon: assets/brand/PNG/Favicon/favicon-32x32.png
icon:
repo: fontawesome/brands/github
font: false
@ -77,6 +77,10 @@ watch:
- includes
plugins:
- minify:
minify_html: true
htmlmin_opts:
remove_comments: true
- i18n:
default_language: en
material_alternate: true
@ -94,7 +98,7 @@ plugins:
- cdn.jsdelivr.net/npm/mathjax@3/*
- api.privacyguides.net/*
extra_css:
- stylesheets/extra.css
- assets/stylesheets/extra.css
markdown_extensions:
- admonition
- pymdownx.details
@ -133,8 +137,8 @@ markdown_extensions:
toc_depth: 4
extra_javascript:
- javascripts/mathjax.js
- javascripts/feedback.js
- assets/javascripts/mathjax.js
- assets/javascripts/feedback.js
nav:
- Home: 'index.md'
@ -146,6 +150,8 @@ nav:
- 'basics/multi-factor-authentication.md'
- 'basics/dns.md'
- 'basics/erasing-data.md'
- 'basics/email-security.md'
- 'basics/vpn-overview.md'
- 'Android':
- 'android/overview.md'
- 'android/grapheneos-vs-calyxos.md'

View File

@ -1,6 +1,6 @@
{% extends "base.html" %}
{% block extrahead %}
<link rel="stylesheet" href="{{ 'overrides/home.css' | url }}">
<link rel="stylesheet" href="{{ 'assets/stylesheets/home.css' | url }}">
<link rel="me" href="https://aragon.sh/@jonah">
<link rel="me" href="https://fosstodon.org/@freddy">
<link rel="me" href="https://mastodon.social/@dngray">