1
0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-03 18:12:41 +00:00

Compare commits

..

37 Commits

Author SHA1 Message Date
c533c4fe47 Remove Standard Notes 2023-10-13 23:14:46 -05:00
b3a26717cd Improve SSH commit signing instructions (#2265)
Signed-off-by: Jonah Aragon <jonah@triplebit.net>
2023-10-13 22:28:20 -05:00
b0b6434f28 Remove Plausible analytics (#2305) 2023-10-11 22:42:29 -05:00
42bce85c7f Use WebP for cover images (#2301) 2023-10-11 11:23:08 -05:00
aa54b66a03 MAC address randomization update (#2303) 2023-10-11 11:18:48 -05:00
122646d0f8 Add more information about Bitlocker (#2302)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
2023-10-11 21:03:19 +10:30
9bd5e84d32 Re-add Onion Browser (#2299) 2023-10-10 15:18:36 +01:00
025a07e658 Fix indent in email marketing criteria (#2298) 2023-10-10 07:49:26 +02:00
4621a11016 Fix broken link common misconceptions (#2296)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-10-09 23:08:36 +10:30
46d2d50842 Add note about security audit to addy.io (#2297)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
2023-10-09 22:28:32 +10:30
3dbc2f0083 Recommend Obtainium (#2294) 2023-10-09 10:38:12 +01:00
06fc5e9f1d Add more information about WKD (#2291) 2023-10-06 12:39:42 -05:00
880bfd3cb2 Provide example of QNAME minimization (#2290) 2023-10-06 12:38:49 -05:00
f37cd9e7f2 Additional SimpleX downloads (#2283)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: blacklight447 <github.ef27z@simplelogin.com>
Signed-off-by: Freddy <freddy@privacyguides.org>
2023-10-05 20:00:27 +10:30
78eb8f8eac Update Tutanota aliases (#2287)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-10-05 16:11:26 +10:30
0a83385de0 Update dependencies (#2289) 2023-10-04 16:45:24 -05:00
a85690b306 Startpage, mention Bing as source (#2281) 2023-09-28 18:45:22 +09:30
38dcfbb3e1 Remove bogus link (#2282)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-09-26 04:57:49 +09:30
95516f6344 Update feeder repo url (#2280) 2023-09-23 13:42:56 +09:30
edae556a2a Bump crowdin/github-action from 1.13.0 to 1.13.1
Bumps [crowdin/github-action](https://github.com/crowdin/github-action) from 1.13.0 to 1.13.1.
- [Release notes](https://github.com/crowdin/github-action/releases)
- [Commits](https://github.com/crowdin/github-action/compare/v1.13.0...v1.13.1)

---
updated-dependencies:
- dependency-name: crowdin/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-23 13:39:05 +09:30
d52e533fa2 Update Proton Calendar information (#2278)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-09-21 00:27:57 +09:30
e7686c1cc1 Update note about MySudo's iOS exclusivity (#2277)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
2023-09-18 15:16:49 +09:30
d94da5094f Bump crowdin/github-action from 1.12.0 to 1.13.0
Bumps [crowdin/github-action](https://github.com/crowdin/github-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/crowdin/github-action/releases)
- [Commits](https://github.com/crowdin/github-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: crowdin/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-13 04:39:11 +00:00
4caef8ef1e Add Proton Drive Windows (#2275)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-09-12 16:23:36 +09:30
42de2565ba Bump actions/cache from 3.3.1 to 3.3.2
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.3.1...v3.3.2)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-10 20:12:17 +09:30
5d6992bf76 Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 04:23:13 +00:00
4867ca9b79 Make list item clickable (#2269)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: mfwmyfacewhen <94880365+mfwmyfacewhen@users.noreply.github.com>
2023-08-31 19:30:50 +09:30
19119a4c03 Update team member info (#2270)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-08-31 15:38:23 +09:30
e619ccaf28 AnonAddy rebranded as addy.io (#2263)
https://addy.io/blog/anonaddy-has-rebranded-as-addy-io/

Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-08-22 13:38:04 +09:30
e44e24d77f Bump modules/mkdocs-material from 8fd8ceb to 6b4bfc2
Bumps [modules/mkdocs-material](https://github.com/privacyguides/mkdocs-material-insiders) from `8fd8ceb` to `6b4bfc2`.
- [Commits](8fd8ceb5b1...6b4bfc21f8)

---
updated-dependencies:
- dependency-name: modules/mkdocs-material
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-04 04:29:09 +00:00
465e499db1 Update Qubes-OS "Qube" instead of VM (#2257)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-08-02 04:49:01 +09:30
e277417ab2 Fix Fedora links (#2256)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-07-30 20:21:30 +09:30
659a03be58 Update dependencies (#2248) 2023-07-29 10:24:55 -05:00
f69e1ad6af Update countries VPN providers (#2255) 2023-07-28 16:02:39 +09:30
94599e568d Place Brave's Web3 settings on multiple lines (#2253)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-07-28 15:52:50 +09:30
d653735a3b Correction HTTPS instruction Brave Android (#2246)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2023-07-28 14:29:12 +09:30
ddc800d6e4 Bump modules/mkdocs-material from afb31ad to d2033e5
Bumps [modules/mkdocs-material](https://github.com/privacyguides/mkdocs-material-insiders) from `afb31ad` to `d2033e5`.
- [Commits](afb31add19...d2033e5aee)

---
updated-dependencies:
- dependency-name: modules/mkdocs-material
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-28 04:14:00 +00:00
118 changed files with 801 additions and 925 deletions

View File

@ -36,10 +36,10 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: crowdin action
uses: crowdin/github-action@v1.11.0
uses: crowdin/github-action@v1.13.1
with:
upload_sources: true
upload_sources_args: '--auto-update --delete-obsolete'

View File

@ -40,7 +40,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
@ -53,9 +53,10 @@ jobs:
uses: actions/setup-python@v4
with:
python-version: '3.8'
cache: 'pipenv'
- name: Cache files
uses: actions/cache@v3.3.1
uses: actions/cache@v3.3.2
with:
key: ${{ github.ref }}
path: .cache
@ -64,6 +65,7 @@ jobs:
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build website
env:

View File

@ -34,7 +34,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
@ -50,22 +50,20 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
submodules: 'true'
- name: Pages setup
uses: actions/configure-pages@v3
- name: Python setup
uses: actions/setup-python@v4
with:
python-version: '3.8'
cache: 'pipenv'
- name: Cache files
uses: actions/cache@v3.3.1
uses: actions/cache@v3.3.2
with:
key: ${{ github.ref }}
path: .cache

View File

@ -1,15 +1,15 @@
# Copyright (c) 2022-2023 Jonah Aragon <jonah@triplebit.net>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE

776
Pipfile.lock generated

File diff suppressed because it is too large Load Diff

View File

@ -93,10 +93,9 @@ theme:
- search.highlight
extra_css:
- assets/stylesheets/extra.css?v=3.2.0
- assets/stylesheets/extra.css?v=3.15.0
extra_javascript:
- assets/javascripts/mathjax.js
- assets/javascripts/feedback.js
watch:
- ../theme
@ -120,7 +119,6 @@ plugins:
privacy:
assets_exclude:
- cdn.jsdelivr.net/npm/mathjax@3/*
- api.privacyguides.net/*
optimize:
enabled: !ENV [NETLIFY, false]
typeset: {}

View File

@ -36,20 +36,6 @@ edit_uri: edit/main/docs/
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: "Was this page helpful?"
ratings:
- icon: material/robot-happy-outline
name: "This page was helpful"
data: Helpful
note: "Thanks for your feedback!"
- icon: material/robot-confused
name: "This page could be improved"
data: Needs Improvement
note: "Thanks for your feedback! Help us improve this page by opening a <a href='https://discuss.privacyguides.net/'>discussion on our forum</a>."
theme:
language: en
@ -143,7 +129,6 @@ nav:
- About:
- 'about/index.md'
- 'about/criteria.md'
- 'about/statistics.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- Community:

View File

@ -36,20 +36,6 @@ edit_uri: edit/main/i18n/es/
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: "¿Le ha resultado útil esta página?"
ratings:
- icon: material/robot-happy-outline
name: "Esta página fue útil"
data: Helpful
note: "Gracias por sus comentarios!"
- icon: material/robot-confused
name: "Esta página se podría mejorar"
data: Needs Improvement
note: "Gracias por sus comentarios. Ayúdenos a mejorar esta página abriendo un <a href='https://discuss.privacyguides.net/'>debate en nuestro foro</a>."
theme:
language: es
@ -141,7 +127,6 @@ nav:
- Acerca de:
- 'about/index.md'
- 'about/criteria.md'
- 'about/statistics.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- Comunidad:

View File

@ -36,20 +36,6 @@ edit_uri: edit/main/i18n/fr/
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: "Cette page vous a été utile ?"
ratings:
- icon: material/robot-happy-outline
name: "Cette page a été utile"
data: Helpful
note: "Merci pour votre retour !"
- icon: material/robot-confused
name: "Cette page pourrait être améliorée"
data: Needs Improvement
note: "Merci pour vos commentaires ! Aidez-nous à améliorer cette page en ouvrant une <a href='https://discuss.privacyguides.net/'>discussion sur notre forum</a>."
theme:
language: fr
@ -141,7 +127,6 @@ nav:
- "À propos":
- 'about/index.md'
- 'about/criteria.md'
- 'about/statistics.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- "Communauté":

View File

@ -36,20 +36,6 @@ edit_uri: edit/main/i18n/he/
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: "האם הדף הזה עזר לך?"
ratings:
- icon: material/robot-happy-outline
name: "הדף הזה היה מועיל"
data: Helpful
note: "תודה על המשוב שלך!"
- icon: material/robot-confused
name: "דף זה יכול להשתפר"
data: Needs Improvement
note: "תודה על המשוב שלך! Help us improve this page by opening a <a href='https://discuss.privacyguides.net/'>discussion on our forum</a>."
extra_css:
- assets/stylesheets/extra.css?v=3.2.0
@ -145,7 +131,6 @@ nav:
- "על אודות":
- 'about/index.md'
- 'about/criteria.md'
- 'about/statistics.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- Community:

View File

@ -36,20 +36,6 @@ edit_uri: edit/main/i18n/it/
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: "Questa pagina è stata utile?"
ratings:
- icon: material/robot-happy-outline
name: "Questa pagina è stata utile"
data: Helpful
note: "Grazie per il tuo feedback!"
- icon: material/robot-confused
name: "Questa pagina può essere migliorata"
data: Needs Improvement
note: "Grazie per il tuo feedback! Aiutaci a migliorare questa pagina aprendo una discussione sul <a href='https://discuss.privacyguides.net/'>nostro forum</a>."
theme:
language: it
@ -141,7 +127,6 @@ nav:
- Informazioni:
- 'about/index.md'
- 'about/criteria.md'
- 'about/statistics.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- Comunità:

View File

@ -36,20 +36,6 @@ edit_uri: edit/main/i18n/nl/
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: "Was deze pagina nuttig?"
ratings:
- icon: material/robot-happy-outline
name: "Deze pagina was nuttig"
data: Helpful
note: "Bedankt voor je feedback!"
- icon: material/robot-confused
name: "Deze pagina kan worden verbeterd"
data: Needs Improvement
note: "Bedankt voor jouw feedback! Help ons deze pagina te verbeteren door een <a href='https://discuss.privacyguides.net/'>discussie te openen op ons forum</a>."
theme:
language: nl
@ -141,7 +127,6 @@ nav:
- Over ons:
- 'about/index.md'
- 'about/criteria.md'
- 'about/statistics.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- Gemeenschap:

View File

@ -36,20 +36,6 @@ edit_uri: edit/main/docs/
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: "Была ли эта страница полезной?"
ratings:
- icon: material/robot-happy-outline
name: "Эта страница была полезна"
data: Helpful
note: "Спасибо за ваш отзыв!"
- icon: material/robot-confused
name: "Эта страница может быть улучшена"
data: Needs Improvement
note: "Спасибо за ваш отзыв! Помогите нам улучшить эту страницу, <a href='https://discuss.privacyguides.net/'>открыв обсуждение на нашем форуме.</a>"
extra_css:
- assets/stylesheets/extra.css?v=3.2.0
@ -143,7 +129,6 @@ nav:
- О сайте:
- 'about/index.md'
- 'about/criteria.md'
- 'about/statistics.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- Сообщество:

View File

@ -20,8 +20,8 @@
INHERIT: mkdocs-common.yml
docs_dir: '../i18n/zh-Hant'
site_url: "https://www.privacyguides.org/zh-hant/"
site_dir: '../site/zh-hant'
site_url: "https://www.privacyguides.org/zh-Hant/"
site_dir: '../site/zh-Hant'
site_name: Privacy Guides
site_description: |
@ -36,20 +36,6 @@ edit_uri: edit/main/i18n/zh-Hant/
extra:
generator: false
analytics:
provider: plausible
property: privacyguides.org
feedback:
title: "這個頁面對您有幫助嗎?"
ratings:
- icon: material/robot-happy-outline
name: "此頁有幫助"
data: Helpful
note: "感謝反饋!"
- icon: material/robot-confused
name: "此頁面可以改善"
data: Needs Improvement
note: "感謝你的意見!通過在的論壇上開啟<a href='https://discuss.privacyguides.net'>討論來協助我們改善此頁面。</a>"
extra_css:
- assets/stylesheets/extra.css?v=3.2.0
@ -143,7 +129,6 @@ nav:
- 關於:
- 'about/index.md'
- 'about/criteria.md'
- 'about/statistics.md'
- 'about/notices.md'
- 'about/privacy-policy.md'
- 社群:

View File

@ -72,14 +72,7 @@ So far in 2023 we've launched international translations of our website in [Fren
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/freddy)
- [:simple-github: GitHub](https://github.com/freddy-m "@freddy-m")
- [:simple-mastodon: Mastodon](https://social.lol/@freddy "@freddy@social.lol"){rel=me}
- [:fontawesome-solid-envelope: Email](mailto:freddy@privacyguides.org)
- [:fontawesome-solid-house: Homepage](https://freddy.omg.lol)
??? person "@mfwmyfacewhen"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/mfwmyfacewhen)
- [:simple-github: GitHub](https://github.com/mfwmyfacewhen "@mfwmyfacewhen")
- [:fontawesome-solid-house: Homepage](https://mfw.omg.lol)
- [:fontawesome-solid-house: Homepage](https://freddy.lol)
??? person "@olivia"

View File

@ -14,34 +14,17 @@ The privacy of our website visitors is important to us, so we do not track any i
- No information is mined and harvested for personal and behavioral trends
- No information is monetized
You can view the data we collect on our [statistics](statistics.md) page.
We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected.
Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy).
## Data We Collect From Account Holders
On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform.
If you register for an account on one of our services, we may collect any information you provide us (such as your email, password, profile information, etc.) and use that information to provide you with the service. We never share or sell this data.
To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site.
We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services.
We use your email to:
- Notify you about posts and other activity on the websites or services.
- Reset your password and help keep your account secure.
- Contact you in special circumstances related to your account.
- Contact you about legal requests, such as DMCA takedown requests.
On some websites and services you may provide additional information for your account, such as a short biography, avatar, your location, or your birthday. We make that information available to everyone who can access the website or service in question. This information is not required to use any of our services and can be erased at any time.
We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days.
Some services we host have separate privacy policies which supersede this document. For example, the privacy policy of our forum can be found at [discuss.privacyguides.net/privacy](https://discuss.privacyguides.net/privacy).
## Contacting Us
The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to:
Even in the limited cases where your data is collected, our volunteers and most members of the Privacy Guides team have no access to that information. Some information (such as your email address) may be accessible to moderators via limited control panels for the purposes of moderating our communities.
Thus, inquiries regarding your personal information should be sent directly to:
```text
Jonah Aragon
@ -51,8 +34,7 @@ jonah@privacyguides.org
For all other inquiries, you can contact any member of our team.
For complaints under GDPR more generally, you may lodge complaints with your local data protection supervisory authorities.
In France it's the Commission Nationale de l'Informatique et des Libertés which take care and handle the complaints. They provide a [template of complaint letter](https://www.cnil.fr/en/plaintes) to use.
For complaints under GDPR more generally, you always have the option to lodge complaints with your local data protection supervisory authorities.
## About This Policy

View File

@ -1,60 +0,0 @@
---
title: Traffic Statistics
---
## Website Statistics
<iframe plausible-embed src="https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=system&background=transparent" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;" id="plausibleFrame"></iframe>
<div style="font-size: 14px; padding-bottom: 14px;">Stats powered by <a target="_blank" style="color: #4F46E5; text-decoration: underline;" href="https://plausible.io">Plausible Analytics</a></div>
<script async src="https://stats.privacyguides.net/js/embed.host.js"></script>
<script>
/* Set palette on initial load */
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('plausibleFrame').src = 'https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=' + theme + '&background=transparent';
}
/* Register event handlers after documented loaded */
document.addEventListener("DOMContentLoaded", function() {
var ref = document.querySelector("[data-md-component=palette]")
ref.addEventListener("change", function() {
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('plausibleFrame').src = 'https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=' + theme + '&background=transparent';
}
})
})
</script>
## Blog Statistics
<iframe plausible-embed src="https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=system&background=transparent" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;" id="blogFrame"></iframe>
<div style="font-size: 14px; padding-bottom: 14px;">Stats powered by <a target="_blank" style="color: #4F46E5; text-decoration: underline;" href="https://plausible.io">Plausible Analytics</a></div>
<script async src="https://stats.privacyguides.net/js/embed.host.js"></script>
<script>
/* Set palette on initial load */
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('blogFrame').src = 'https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=' + theme + '&background=transparent';
}
/* Register event handlers after documented loaded */
document.addEventListener("DOMContentLoaded", function() {
var ref = document.querySelector("[data-md-component=palette]")
ref.addEventListener("change", function() {
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('blogFrame').src = 'https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=' + theme + '&background=transparent';
}
})
})
</script>

View File

@ -294,9 +294,24 @@ DNSSEC implements a hierarchical digital signing policy across all layers of DNS
## What is QNAME minimization?
A QNAME is a "qualified name", for example `privacyguides.org`. QNAME minimisation reduces the amount of information sent from the DNS server to the [authoritative name server](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server).
A QNAME is a "qualified name", for example `discuss.privacyguides.net`. In the past, when resolving a domain name your DNS resolver would ask every server in the chain to provide any information it has about your full query. In this example below, your request to find the IP address for `discuss.privacyguides.net` gets asked of every DNS server provider:
Instead of sending the whole domain `privacyguides.org`, QNAME minimization means the DNS server will ask for all the records that end in `.org`. Further technical description is defined in [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816).
| Server | Question Asked | Response |
|------------------------|---------------------------------------------|---------------------------------------------|
| Root server | What's the IP of discuss.privacyguides.net? | I don't know, ask .net's server... |
| .net's server | What's the IP of discuss.privacyguides.net? | I don't know, ask Privacy Guides' server... |
| Privacy Guides' server | What's the IP of discuss.privacyguides.net? | 5.161.195.190! |
With "QNAME minimization," your DNS resolver now only asks for just enough information to find the next server in the chain. In this example, the root server is only asked for enough information to find the appropriate nameserver for the .net TLD, and so on, without ever knowing the full domain you're trying to visit:
| Server | Question Asked | Response |
|------------------------|------------------------------------------------------|-----------------------------------|
| Root server | What's the nameserver for .net? | *Provides .net's server* |
| .net's server | What's the nameserver for privacyguides.net? | *Provides Privacy Guides' server* |
| Privacy Guides' server | What's the nameserver for discuss.privacyguides.net? | This server! |
| Privacy Guides' server | What's the IP of discuss.privacyguides.net? | 5.161.195.190 |
While this process can be slightly more inefficient, in this example neither the central root nameservers nor the TLD's nameservers ever receive information about your *full* query, thus reducing the amount of information being transmitted about your browsing habits. Further technical description is defined in [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816).
## What is EDNS Client Subnet (ECS)?

View File

@ -3,7 +3,7 @@ meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
title: "Android"
icon: 'simple/android'
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
cover: android.png
cover: android.webp
schema:
-
"@context": http://schema.org
@ -305,6 +305,26 @@ Main privacy features include:
## Obtaining Applications
### Obtainium
!!! recommendation
![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
??? downloads
- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk/) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks.
Obtainium can also be used to download apps from F-Droid repositories, and may serve as a useful alternative to the official F-Droid clients. However, we generally recommend against apps built by F-Droid or from unofficial F-Droid repositories: Read [our notes on F-Droid](#f-droid) below for more information.
### GrapheneOS App Store
GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.

View File

@ -17,6 +17,16 @@ There is another standard which is popular with business called [S/MIME](https:/
Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible.
## What is the Web Key Directory standard?
The Web Key Directory (WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted.
In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox.org, they can publish your OpenPGP key on their domain for you.
If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from keys.openpgp.org, by setting a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then uploading your key to [keys.openpgp.org](https://keys.openpgp.org/). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting).
If you use a shared domain from a provider which doesn't support WKD, like @gmail.com, you won't be able to share your OpenPGP key with others via this method.
### What Email Clients Support E2EE?
Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
@ -25,7 +35,7 @@ Email providers which allow you to use standard access protocols like IMAP and S
A smartcard (such as a [YubiKey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device.
It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview

View File

@ -21,7 +21,7 @@ However, they do hide your actual IP from a third-party service, provided that t
## When shouldn't I use a VPN?
Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful.
Using a VPN in cases where you're using your [known identity](common-misconceptions.md#complicated-is-better) is unlikely be useful.
Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website.

View File

@ -2,7 +2,7 @@
title: "Calendar Sync"
icon: material/calendar
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
cover: calendar.png
cover: calendar.webp
---
Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them.
@ -39,7 +39,7 @@ Calendars contain some of your most sensitive data; use products that implement
![Proton](assets/img/calendar/proton-calendar.svg){ align=right }
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers.
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }

View File

@ -3,7 +3,7 @@ meta_title: "The Best Private and Secure Cloud Storage Providers - Privacy Guide
title: "Cloud Storage"
icon: material/file-cloud
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
cover: cloud.png
cover: cloud.webp
---
Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure E2EE.
@ -30,6 +30,7 @@ If these alternatives do not fit your needs, we suggest you look into using encr
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
- [:simple-windows11: Windows](https://proton.me/drive/download)
The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/blog/security-audit-all-proton-apps), full details were not made available, but Securitum's letter of attestation states:

View File

@ -2,7 +2,7 @@
meta_title: "Private Cryptocurrency Blockchains - Privacy Guides"
title: Cryptocurrency
icon: material/bank-circle
cover: cryptocurrency.png
cover: cryptocurrency.webp
---
Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:

View File

@ -3,7 +3,7 @@ meta_title: "Remove PII with Metadata Scrubbers and Data Redaction Tools - Priva
title: "Data and Metadata Redaction"
icon: material/tag-remove
description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share.
cover: data-redaction.png
cover: data-redaction.webp
---
When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata.

View File

@ -3,7 +3,7 @@ meta_title: "Privacy Respecting Web Browsers for PC and Mac - Privacy Guides"
title: "Desktop Browsers"
icon: material/laptop
description: These web browsers provide stronger privacy protections than Google Chrome.
cover: desktop-browsers.png
cover: desktop-browsers.webp
schema:
-
"@context": http://schema.org
@ -282,9 +282,8 @@ Disable built-in extensions you do not use in **Extensions**
Brave's Web3 features can potentially add to your browser fingerprint and attack surface. Unless you use any of features, they should be disabled.
Set **Default Ethereum wallet** to **Extensions (no fallback)**
Set **Default Solana wallet** to **Extensions (no fallback)**
Set **Method to resolve IPFS resources** to **Disabled**
- Select **Extensions (no fallback)** under Default Ethereum wallet and Default Solana wallet
- Set **Method to resolve IPFS resources** to **Disabled**
##### System

View File

@ -2,7 +2,7 @@
title: "Desktop/PC"
icon: simple/linux
description: Linux distributions are commonly recommended for privacy protection and software freedom.
cover: desktop.png
cover: desktop.webp
---
Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
@ -18,7 +18,7 @@ Linux distributions are commonly recommended for privacy protection and software
**Fedora Workstation** is our recommended distribution for people new to Linux. Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org). These new technologies often come with improvements in security, privacy, and usability in general.
[:octicons-home-16: Homepage](https://getfedora.org/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://fedoraproject.org/workstation/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
@ -68,11 +68,11 @@ A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org)
**Fedora Silverblue** and **Fedora Kinoite** are immutable variants of Fedora with a strong focus on container workflows. Silverblue comes with the [GNOME](https://www.gnome.org/) desktop environment while Kinoite comes with [KDE](https://kde.org/). Silverblue and Kinoite follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
[:octicons-home-16: Homepage](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary }
[:octicons-home-16: Homepage](https://fedoraproject.org/silverblue/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/fedora-silverblue/){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
Silverblue (and Kinoite) differ from Fedora Workstation as they replace the [DNF](https://fedoraproject.org/wiki/DNF) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/package-management/rpm-ostree/). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image.
Silverblue (and Kinoite) differ from Fedora Workstation as they replace the [DNF](https://docs.fedoraproject.org/en-US/quick-docs/dnf/) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/latest/system-administrators-guide/package-management/rpm-ostree/). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image.
After the update is complete you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily rollback if something breaks in the new deployment. There is also the option to pin more deployments as needed.
@ -151,7 +151,7 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
![Qubes OS logo](assets/img/qubes/qubes_os.svg){ align=right }
**Qubes OS** is an open-source operating system designed to provide strong security for desktop computing through secure virtual machines (a.k.a. "Qubes"). Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and use most of the Linux drivers.
**Qubes OS** is an open-source operating system designed to provide strong security for desktop computing through secure virtual machines (or "qubes"). Qubes is based on Xen, the X Window System, and Linux. It can run most Linux applications and use most of the Linux drivers.
[:octicons-home-16: Homepage](https://www.qubes-os.org/){ .md-button .md-button--primary }
[:simple-torbrowser:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title="Onion Service" }
@ -160,7 +160,7 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
[:octicons-code-16:](https://github.com/QubesOS/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.qubes-os.org/donate/){ .card-link title=Contribute }
Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate VMs. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the system.
Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the *qubes* and the core system.
For further information about how Qubes works, read our full [Qubes OS overview](os/qubes-overview.md) page.

View File

@ -2,7 +2,7 @@
title: "DNS Resolvers"
icon: material/dns
description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration.
cover: dns.png
cover: dns.webp
---
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.

View File

@ -2,7 +2,7 @@
title: "Email Clients"
icon: material/email-open
description: These email clients are privacy-respecting and support OpenPGP email encryption.
cover: email-clients.png
cover: email-clients.webp
---
Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft.

View File

@ -3,7 +3,7 @@ meta_title: "Encrypted Private Email Recommendations - Privacy Guides"
title: "Email Services"
icon: material/email
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
cover: email.png
cover: email.webp
---
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
@ -18,7 +18,7 @@ For everything else, we recommend a variety of email providers based on sustaina
## OpenPGP Compatible Services
These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
These providers natively support OpenPGP encryption/decryption and the [Web Key Directory standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
<div class="grid cards" markdown>
@ -85,7 +85,7 @@ Certain information stored in [Proton Contacts](https://proton.me/support/proton
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. This only applies to email addresses ending in one of Proton's own domains, like @proton.me. If you use a custom domain, you must [configure WKD](./basics/email-security.md#what-is-the-web-key-directory-standard) separately.
#### :material-information-outline:{ .pg-blue } Account Termination
@ -135,7 +135,7 @@ However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the softwa
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox.org's own domains, like @mailbox.org. If you use a custom domain, you must [configure WKD](./basics/email-security.md#what-is-the-web-key-directory-standard) separately.
#### :material-information-outline:{ .pg-blue } Account Termination
@ -239,7 +239,7 @@ Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
Paid Tutanota accounts can use either 15 or 30 aliases depending on their plan and unlimited aliases on [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
#### :material-information-outline:{ .pg-blue } Private Payment Methods
@ -275,7 +275,7 @@ An email aliasing service allows you to easily generate a new email address for
<div class="grid cards" markdown>
- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
- ![addy.io logo](assets/img/email/mini/addy.svg){ .twemoji } [addy.io](email.md#addyio)
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
</div>
@ -297,36 +297,36 @@ Our email aliasing recommendations are providers that allow you to create aliase
Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider.
### AnonAddy
### addy.io
!!! recommendation
![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right }
![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right }
![addy.io logo](assets/img/email/addy.svg#only-light){ align=right }
![addy.io logo](assets/img/email/addy-dark.svg#only-dark){ align=right }
**AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous.
**addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous.
[:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation}
[:octicons-home-16: Homepage](https://addy.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://addy.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://app.addy.io/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
[:octicons-heart-16:](https://addy.io/donate){ .card-link title=Contribute }
??? downloads
- [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
- [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe)
- [:simple-android: Android](https://addy.io/faq/#is-there-an-android-app)
- [:material-apple-ios: iOS](https://addy.io/faq/#is-there-an-ios-app)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/addy_io/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/addyio-anonymous-email-fo/iadbdpnoknmbdeolbapdackdcogdmjpe)
The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can create unlimited standard aliases (which end in a domain like @[username].addy.io or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. Securitum [audited](https://addy.io/blog/addy-io-passes-independent-security-audit/) addy.io in September 2023 and no significant vulnerabilities [were identified](https://addy.io/addy-io-security-audit.pdf).
Notable free features:
- [x] 20 Shared Aliases
- [x] 10 Shared Aliases
- [x] Unlimited Standard Aliases
- [ ] No Outgoing Replies
- [x] 2 Recipient Mailboxes
- [x] 1 Recipient Mailboxes
- [x] Automatic PGP Encryption
### SimpleLogin
@ -347,7 +347,7 @@ Notable free features:
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858)
- [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/simplelogin/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:simple-safari: Safari](https://apps.apple.com/app/id1494051017)
@ -496,8 +496,8 @@ Must not have any marketing which is irresponsible:
- Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it.
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.:
- Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
- Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
**Best Case:**

View File

@ -3,7 +3,7 @@ meta_title: "Recommended Encryption Software: VeraCrypt, Cryptomator, PicoCrypt,
title: "Encryption Software"
icon: material/file-lock
description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files.
cover: encryption.png
cover: encryption.webp
---
Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here.
@ -87,7 +87,7 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
## OS Full Disk Encryption
Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor).
For encrypting the drive your operating system boots from, we generally recommend enabling the encryption software that comes with your operating system rather than using a third-party tool. This is because your operating system's native encryption tools often make use of OS and hardware-specific features like the [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor) in your device to protect your computer against more advanced physical attacks. For secondary drives and external drives which you *don't* boot from, we still recommend using open-source tools like [VeraCrypt](#veracrypt-disk) over the tools below, because they offer additional flexibility and let you avoid vendor lock-in.
### BitLocker
@ -95,7 +95,7 @@ Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryp
![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right }
**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
@ -103,7 +103,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
??? example "Enabling BitLocker on Windows Home"
To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module.
To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":

View File

@ -2,7 +2,7 @@
title: "File Sharing and Sync"
icon: material/share-variant
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
cover: file-sharing.png
cover: file-sharing.webp
---
Discover how to privately share your files between your devices, with your friends and family, or anonymously online.

View File

@ -1,7 +1,7 @@
---
title: Financial Services
icon: material/bank
cover: financial-services.png
cover: financial-services.webp
---
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
@ -44,6 +44,8 @@ Privacy.com gives information about the merchants you purchase from to your bank
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
MySudo's virtual cards are currently only available via their iOS app.
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

View File

@ -2,7 +2,7 @@
title: "Frontends"
icon: material/flip-to-front
description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances.
cover: frontends.png
cover: frontends.webp
---
Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions.

View File

@ -13,14 +13,9 @@ You can use an existing SSH key for signing, or [create a new one](https://docs.
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
2. Copy your SSH public key to your clipboard, for example:
2. Set your SSH key for signing in Git with the following command, substituting `/PATH/TO/.SSH/KEY.PUB` with the path to the public key you'd like to use, e.g. `/home/user/.ssh/id_ed25519.pub`:
```
pbcopy < ~/.ssh/id_ed25519.pub
# Copies the contents of the id_ed25519.pub file to your clipboard
```
3. Set your SSH key for signing in Git with the following command, replacing the last string in quotes with the public key in your clipboard:
```
git config --global user.signingkey 'ssh-ed25519 AAAAC3(...) user@example.com'
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
```
Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).

View File

@ -3,7 +3,7 @@ meta_title: "Privacy Respecting Mobile Web Browsers for Android and iOS - Privac
title: "Mobile Browsers"
icon: material/cellphone-information
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
cover: mobile-browsers.png
cover: mobile-browsers.webp
schema:
-
"@context": http://schema.org
@ -79,7 +79,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
<div class="annotate" markdown>
- [x] Select **Aggressive** under Block trackers & ads
- [x] Select **Aggressive** under **Block trackers & ads**
??? warning "Use default filter lists"
Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
@ -105,7 +105,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
<div class="annotate" markdown>
- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
- [x] Select **Disable non-proxied UDP** under [WebRTC IP handling policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
- [ ] Uncheck **Allow sites to check if you have payment methods saved**
- [ ] Uncheck **IPFS Gateway** (1)
- [x] Select **Close tabs on exit**

View File

@ -2,7 +2,7 @@
title: "Multi-Factor Authenticators"
icon: 'material/two-factor-authentication'
description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.png
cover: multi-factor-authentication.webp
---
## Hardware Security Keys

View File

@ -2,7 +2,7 @@
title: "News Aggregators"
icon: material/rss
description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS.
cover: news-aggregators.png
cover: news-aggregators.webp
---
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites.
@ -36,7 +36,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }
[:octicons-code-16:](https://github.com/spacecowboy/Feeder){ .card-link title="Source Code" }
[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute }
??? downloads

View File

@ -2,7 +2,7 @@
title: "Notebooks"
icon: material/notebook-edit-outline
description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party.
cover: notebooks.png
cover: notebooks.webp
---
Keep track of your notes and journalings without giving them to a third-party.
@ -11,30 +11,6 @@ If you are currently using an application like Evernote, Google Keep, or Microso
## Cloud-based
### Standard Notes
!!! recommendation
![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right }
**Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited](https://standardnotes.com/help/2/has-standard-notes-completed-a-third-party-security-audit).
[:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
[:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1285392450)
- [:simple-github: GitHub](https://github.com/standardnotes/app/releases)
- [:simple-windows11: Windows](https://standardnotes.com)
- [:simple-apple: macOS](https://standardnotes.com)
- [:simple-linux: Linux](https://standardnotes.com)
- [:octicons-globe-16: Web](https://app.standardnotes.com/)
### Notesnook
!!! recommendation

View File

@ -23,7 +23,7 @@ The only source for apps on iOS is Apple's App Store, which requires an Apple ID
Apple has historically had problems with properly anonymizing their telemetry on iOS. [In 2019](https://www.theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings), Apple was found to transmit Siri recordings—some containing highly confidential information—to their servers for manual review by third-party contractors. While they temporarily stopped that program after that practice was [widely reported on](https://www.theverge.com/2019/8/23/20830120/apple-contractors-siri-recordings-listening-1000-a-day-globetech-microsoft-cortana), the problem wasn't completely resolved [until 2021](https://www.theguardian.com/technology/2021/jun/07/apple-overhauls-siri-to-address-privacy-concerns-and-improve-performance).
More recently, Apple has been found to [transmit analytics even when analytics sharing is disabled](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558) on iOS, and this data [appears](https://twitter.com/mysk_co/status/1594515229915979776) to be easily linked to unique iCloud account identifiers despite supposedly being anonymous. Apple has not fixed [these problems](https://gizmodo.com/clarence-thomas-aide-venmo-laywers-supreme-court-1850631585) as of July 2023.
More recently, Apple has been found to [transmit analytics even when analytics sharing is disabled](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558) on iOS, and this data [appears](https://twitter.com/mysk_co/status/1594515229915979776) to be easily linked to unique iCloud account identifiers despite supposedly being anonymous.
## Recommended Configuration

View File

@ -117,12 +117,6 @@ Decide whether you want personalized ads based on your usage.
- [ ] Uncheck **Personalized Ads**
##### Security
Apps from the App Store are subject to stricter security guidelines, such as stricter sandboxing. If the only apps you need are available from the App Store, change the **Allow applications downloaded from** setting to **App Store** to prevent accidentally running other apps. This is a good option particularly if you are configuring a machine for other, less technical users such as children.
If you choose to also allow applications from identified developers, be careful about the apps you run and where you obtain them.
##### FileVault
On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling FileVault additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
@ -139,17 +133,21 @@ On older Intel-based Mac computers, FileVault is the only form of disk encryptio
### MAC Address Randomization
Unlike iOS, macOS doesn't give you an option to randomize your MAC address in the settings, so you'll need to do it with a command or a script.
macOS uses a randomized MAC address when performing Wi-Fi scans while disconnected from a network. However, when you connect to a preferred Wi-Fi network, the MAC address used is never randomized. Full MAC address randomization is an advanced topic, and most people don't need to worry about performing the following steps.
You open up your Terminal and enter this command to randomize your MAC address:
Unlike iOS, macOS doesn't give you an option to randomize your MAC address in the settings, so if you wish to change this identifier, you'll need to do it with a command or a script. To set a random MAC address, first disconnect from the network if you're already connected, then open **Terminal** and enter this command to randomize your MAC address:
``` zsh
openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//' | xargs sudo ifconfig en1 ether
openssl rand -hex 6 | sed 's/^\(.\{1\}\)./\12/; s/\(..\)/\1:/g; s/.$//' | xargs sudo ifconfig en0 ether
```
en1 is the name of the interface you're changing the MAC address for. This might not be the right one on every Mac, so to check you can hold the option key and click the Wi-Fi symbol at the top right of your screen.
`en0` is the name of the interface you're changing the MAC address for. This might not be the right one on every Mac, so to check you can hold the option key and click the Wi-Fi symbol at the top right of your screen. "Interface name" should be displayed at the top of the dropdown menu.
This will be reset on reboot.
This command sets your MAC address to a randomized, "locally administered" address, matching the behavior of iOS, Windows, and Android's MAC address randomization features. This means that every character in the MAC address is fully randomized except the second character, which denotes the MAC address as *locally administered* and not in conflict with any actual hardware. This method is most compatible with modern networks. An alternative method is to set the first six characters of the MAC address to one of Apple's existing *Organizational Unique Identifiers*, which we'll leave as an exercise to the reader. That method is more likely to conflict with some networks, but may be less noticeable. Given the prevalence of randomized, locally administered MAC addresses in other modern operating systems, we don't think either method has significant privacy advantages over the other.
When you connect to the network again, you'll connect with a random MAC address. This will be reset on reboot.
Your MAC address is not the only unique information about your device which is broadcast on the network, your hostname is another piece of information which could uniquely identify you. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings** > **General** > **Sharing**. Some [privacy scripts](https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos#guide) allow you to easily generate hostnames with random names.
## Security Protections

View File

@ -1,54 +1,58 @@
---
title: "Qubes Overview"
icon: simple/qubesos
description: Qubes is an operating system built around isolating apps within virtual machines for heightened security.
description: Qubes is an operating system built around isolating apps within *qubes* (formerly "VMs") for heightened security.
---
[**Qubes OS**](../desktop.md#qubes-os) is an open-source operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per-case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/).
[**Qubes OS**](../desktop.md#qubes-os) is an open-source operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated *qubes*, (which are Virtual Machines). You can assign each *qube* a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/).
## How does Qubes OS work?
Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) virtual machines.
Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) *qubes*.
??? "The term *qubes* is gradually being updated to avoid referring to them as "virtual machines"."
Some of the information here and on the Qubes OS documentation may contain conflicting language as the "appVM" term is gradually being changed to "qube". Qubes are not entire virtual machines, but maintain similar functionalities to VMs.
![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png)
<figcaption>Qubes Architecture, Credit: What is Qubes OS Intro</figcaption>
Each Qubes application has a [colored border](https://www.qubes-os.org/screenshots/) that can help you keep track of the virtual machine it is running in. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser.
Each qube has a [colored border](https://www.qubes-os.org/screenshots/) that can help you keep track of the domain in which it runs. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser.
![Colored border](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png)
<figcaption>Qubes window borders, Credit: Qubes Screenshots</figcaption>
## Why Should I use Qubes?
Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong compartmentalization and security, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources.
Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong security and isolation, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources, but the idea is that if a single qube is compromised it won't affect the rest of the system.
Qubes OS utilizes [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM (i.e., an "AdminVM") for controlling other guest VMs or Qubes on the host OS. Other VMs display individual application windows within Dom0's desktop environment. It allows you to color code windows based on trust levels and run apps that can interact with each other with very granular control.
Qubes OS utilizes [dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM for controlling other *qubes* on the host OS, all of which display individual application windows within dom0's desktop environment. There are many uses for this type of architecture. Here are some tasks you can perform. You can see just how much more secure these processes are made by incorporating multiple steps.
### Copying and Pasting Text
You can [copy and paste text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) using `qvm-copy-to-vm` or the below instructions:
1. Press **Ctrl+C** to tell the VM you're in that you want to copy something.
2. Press **Ctrl+Shift+C** to tell the VM to make this buffer available to the global clipboard.
3. Press **Ctrl+Shift+V** in the destination VM to make the global clipboard available.
4. Press **Ctrl+V** in the destination VM to paste the contents in the buffer.
1. Press **Ctrl+C** to tell the *qube* you're in that you want to copy something.
2. Press **Ctrl+Shift+C** to tell the *qube* to make this buffer available to the global clipboard.
3. Press **Ctrl+Shift+V** in the destination *qube* to make the global clipboard available.
4. Press **Ctrl+V** in the destination *qube* to paste the contents in the buffer.
### File Exchange
To copy and paste files and directories (folders) from one VM to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other Qubes. This is more secure than air-gapped file transfer because an air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system.
To copy and paste files and directories (folders) from one *qube* to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other *qubes*. This is more secure than air-gapped file transfer. An air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system.
??? info "AppVMs or qubes do not have their own file systems"
??? "Qubes do not have their own filesystems."
You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between Qubes. When doing so the changes aren't immediately made and can be easily undone in case of an accident.
You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between *qubes*. When doing so the changes aren't immediately made and can be easily undone in case of an accident. When you run a *qube*, it does not have a persistent filesystem. You can create and delete files, but these changes are ephemeral.
### Inter-VM Interactions
The [qrexec framework](https://www.qubes-os.org/doc/qrexec/) is a core part of Qubes which allows virtual machine communication between domains. It is built on top of the Xen library *vchan*, which facilitates [isolation through policies](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/).
The [qrexec framework](https://www.qubes-os.org/doc/qrexec/) is a core part of Qubes which allows communication between domains. It is built on top of the Xen library *vchan*, which facilitates [isolation through policies](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/).
## Additional Resources
For additional information we encourage you to consult the extensive Qubes OS documentation pages located on the [Qubes OS Website](https://www.qubes-os.org/doc/). Offline copies can be downloaded from the Qubes OS [documentation repository](https://github.com/QubesOS/qubes-doc).
- Open Technology Fund: [*Arguably the world's most secure operating system*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/)
- J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
- J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html)
- Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles)
- [Arguably the world's most secure operating system](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/) (Open Technology Fund)
- [Software compartmentalization vs. physical separation](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) (J. Rutkowska)
- [Partitioning my digital life into security domains](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) (J. Rutkowska)
- [Related Articles](https://www.qubes-os.org/news/categories/#articles) (Qubes OS)

View File

@ -3,7 +3,7 @@ meta_title: "The Best Password Managers to Protect Your Privacy and Security - P
title: "Password Managers"
icon: material/form-textbox-password
description: Password managers allow you to securely store and manage passwords and other credentials.
cover: passwords.png
cover: passwords.webp
schema:
-
"@context": http://schema.org

View File

@ -2,7 +2,7 @@
title: "Productivity Tools"
icon: material/file-sign
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
cover: productivity.png
cover: productivity.webp
---
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints.

View File

@ -3,7 +3,7 @@ meta_title: "The Best Private Instant Messengers - Privacy Guides"
title: "Real-Time Communication"
icon: material/chat-processing
description: Other instant messengers make all of your private conversations available to the company that runs them.
cover: real-time-communication.png
cover: real-time-communication.webp
---
These are our recommendations for encrypted real-time communication.
@ -65,12 +65,13 @@ We have some additional tips on configuring and hardening your Signal installati
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=chat.simplex.app)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/simplex-chat/id1605771084)
- [:simple-github: GitHub](https://github.com/simplex-chat/simplex-chat/releases)
- [:simple-windows11: Windows](https://simplex.chat/downloads/#desktop-app)
- [:simple-apple: macOS](https://simplex.chat/downloads/#desktop-app)
- [:simple-linux: Linux](https://simplex.chat/downloads/#desktop-app)
SimpleX Chat [was audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) by Trail of Bits in October 2022.
Currently SimpleX Chat only provides a client for Android and iOS. Basic group chatting functionality, direct messaging, editing of messages and markdown are supported. E2EE Audio and Video calls are also supported.
Your data can be exported, and imported onto another device, as there are no central servers where this is backed up.
SimpleX Chat supports basic group chatting functionality, direct messaging, and editing of messages and markdown. E2EE Audio and Video calls are also supported. Your data can be exported, and imported onto another device, as there are no central servers where this is backed up.
### Briar

View File

@ -2,7 +2,7 @@
title: "Router Firmware"
icon: material/router-wireless
description: These alternative operating systems can be used to secure your router or Wi-Fi access point.
cover: router.png
cover: router.webp
---
Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc.

View File

@ -3,7 +3,7 @@ meta_title: "Recommended Search Engines: Anonymous Google Alternatives - Privacy
title: "Search Engines"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
cover: search-engines.png
cover: search-engines.webp
---
Use a search engine that doesn't build an advertising profile based on your searches.
@ -74,7 +74,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right }
![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
**Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/en-us/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing-) search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
[:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }

View File

@ -19,6 +19,7 @@ For more details about each project, why they were chosen, and additional tips o
- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](tor.md#tor-browser)
- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- ![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](tor.md#snowflake) (1)
</div>
@ -130,7 +131,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown>
- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
- ![addy.io logo](assets/img/email/mini/addy.svg){ .twemoji } [addy.io](email.md#addyio)
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
</div>
@ -156,6 +157,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us)
- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid)
</div>
[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services)
@ -356,7 +358,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown>
- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
- ![Notesnook logo](assets/img/notebooks/notesnook.svg){ .twemoji } [Notesnook](notebooks.md#notesnook)
- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
- ![Cryptee logo](assets/img/notebooks/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/notebooks/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](notebooks.md#cryptee)
@ -427,6 +428,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown>
- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji } [Obtainium (App Manager)](android.md#obtainium)
- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)

View File

@ -3,7 +3,7 @@ meta_title: "Tor Browser and Network: Anonymous Web Browsing - Privacy Guides"
title: "Tor Network"
icon: simple/torproject
description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship.
cover: tor.png
cover: tor.webp
schema:
-
"@context": http://schema.org
@ -99,6 +99,24 @@ We previously recommended enabling the *Isolate Destination Address* preference
All versions are signed using the same signature so they should be compatible with each other.
### Onion Browser
!!! recommendation
![Onion Browser logo](assets/img/self-contained-networks/onion_browser.svg){ align=right }
**Onion Browser** is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the [Tor Project](https://support.torproject.org/glossary/onion-browser/).
[:octicons-home-16: Homepage](https://onionbrowser.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://onionbrowser.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://onionbrowser.com/faqs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/OnionBrowser/OnionBrowser){ .card-link title="Source Code" }
[:octicons-heart-16:](https://onionbrowser.com/donate){ .card-link title=Contribute }
??? downloads
- [:simple-appstore: App Store](https://apps.apple.com/app/id519296448)
## Relays and Bridges
### Snowflake

View File

@ -3,7 +3,7 @@ meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or
title: "VPN Services"
icon: material/vpn
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isnt out to spy on you.
cover: vpn.png
cover: vpn.webp
---
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
@ -53,12 +53,12 @@ Our recommended providers use encryption, accept Monero, support WireGuard & Ope
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
#### :material-check:{ .pg-green } 67 Countries
#### :material-check:{ .pg-green } 68 Countries
Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
Proton VPN has [servers in 68 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2022-09-16
1. Last checked: 2023-07-28
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@ -123,7 +123,7 @@ System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-swit
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2022-09-16
1. Last checked: 2023-07-28
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
@ -180,12 +180,12 @@ IVPN clients support two factor authentication (Mullvad's clients do not). IVPN
- [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
- [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
#### :material-check:{ .pg-green } 41 Countries
#### :material-check:{ .pg-green } 43 Countries
Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
Mullvad has [servers in 43 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
{ .annotate }
1. Last checked: 2023-01-19
1. Last checked: 2023-07-28
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).

View File

@ -35,17 +35,17 @@
X-XSS-Protection = "0"
X-Content-Type-Options = "nosniff"
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org https://api.privacyguides.net 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none'"
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none'"
[[headers]]
for = "/:lang/about/donate/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://opencollective.com https://www.privacyguides.org https://api.privacyguides.net 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com; frame-ancestors 'none'"
Content-Security-Policy = "default-src 'none'; script-src https://opencollective.com https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com; frame-ancestors 'none'"
[[headers]]
for = "/:lang/tor/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org https://api.privacyguides.net 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://snowflake.torproject.org; frame-ancestors 'none'"
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://snowflake.torproject.org; frame-ancestors 'none'"
[[redirects]]
from = "/es/*"

View File

@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="100%" height="100%" viewBox="0 0 128 128" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;">
<g id="path239" transform="matrix(0.780176,0,0,0.780176,-155.567,-216.875)">
<path d="M311.473,434.341C309.4,433.242 297.281,426.527 240.515,395.021C224.718,386.253 209.509,377.822 206.717,376.285C200.375,372.794 199.4,371.935 199.4,369.835C199.4,368.736 201.931,361.693 207.864,346.288C212.518,334.2 216.635,323.607 217.011,322.748C217.868,320.792 219.25,319.131 220.599,318.433C221.862,317.78 253.426,306.253 255.035,305.857C256.774,305.429 258.274,306.253 259.159,308.122C259.583,309.019 261.347,313.648 263.079,318.408C264.811,323.169 267.389,330.208 268.808,334.051C272.06,342.856 272.181,344.103 269.917,345.44C269.317,345.794 265.413,347.326 261.243,348.844C257.072,350.361 253.092,351.933 252.399,352.336C250.799,353.267 250.559,354.704 251.809,355.859C252.305,356.318 260.325,360.893 269.63,366.025C295.638,380.369 294.194,379.72 295.929,377.848C296.779,376.931 312.317,337.409 313.209,333.896C313.59,332.395 313.548,332.186 312.735,331.529C311.625,330.63 311.786,330.591 301.573,334.202C291.455,337.779 290.491,337.855 289.136,335.18C288.424,333.775 277.526,303.843 276.849,301.435C276.411,299.877 276.947,298.397 278.258,297.538C278.803,297.181 286.734,294.138 295.882,290.776C309.458,285.788 312.913,284.658 314.679,284.63C316.957,284.594 317.256,284.75 359.027,307.863C361.922,309.464 363.466,311.15 363.466,312.708C363.466,313.326 353.109,340.799 340.45,373.76C322.597,420.244 317.208,433.886 316.428,434.572C315.102,435.74 314.015,435.689 311.473,434.341L311.473,434.341Z" style="fill:url(#_Linear1);fill-rule:nonzero;stroke:url(#_Linear2);stroke-width:0.39px;"/>
</g>
<defs>
<linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(96.0874,110.767,-110.767,96.0874,217.55,321.519)"><stop offset="0" style="stop-color:rgb(155,88,220);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(50,28,146);stop-opacity:1"/></linearGradient>
<linearGradient id="_Linear2" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(96.0874,110.767,-110.767,96.0874,217.55,321.519)"><stop offset="0" style="stop-color:rgb(155,88,220);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(50,28,146);stop-opacity:1"/></linearGradient>
</defs>
</svg>

After

Width:  |  Height:  |  Size: 2.6 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 556 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 40 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 417 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 717 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 92 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 639 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 92 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 918 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 945 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 305 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 526 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 39 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.0 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 104 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 793 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 442 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.6 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 929 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 794 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 54 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 735 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 37 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 627 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 63 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 425 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.2 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 133 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.1 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 200 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 706 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 39 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 532 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 616 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 755 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 25 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 713 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 28 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 436 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 660 KiB

Some files were not shown because too many files have changed in this diff Show More