privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Merge remote-tracking branch 'upstream/master' into unbound

This commit is contained in:
Mikaela Suomalainen 2019-09-02 15:49:18 +03:00
parent 9d8eed8514 3048d0b0f2
commit d08283c1b6
No known key found for this signature in database
GPG Key ID: 0C207F07B2F32B67
19 changed files with 797 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,5 +1,3 @@
_site/
Gemfile
Gemfile.lock
.sass-cache/
.DS_Store

249
Gemfile.lock Normal file
View File

@ -0,0 +1,249 @@
GEM
remote: https://rubygems.org/
specs:
activesupport (4.2.11.1)
i18n (~> 0.7)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
addressable (2.6.0)
public_suffix (>= 2.0.2, < 4.0)
coffee-script (2.4.1)
coffee-script-source
execjs
coffee-script-source (1.11.1)
colorator (1.1.0)
commonmarker (0.17.13)
ruby-enum (~> 0.5)
concurrent-ruby (1.1.5)
dnsruby (1.61.3)
addressable (~> 2.5)
em-websocket (0.5.1)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
ethon (0.12.0)
ffi (>= 1.3.0)
eventmachine (1.2.7)
execjs (2.7.0)
faraday (0.15.4)
multipart-post (>= 1.2, < 3)
ffi (1.11.1)
forwardable-extended (2.6.0)
gemoji (3.0.1)
github-pages (198)
activesupport (= 4.2.11.1)
github-pages-health-check (= 1.16.1)
jekyll (= 3.8.5)
jekyll-avatar (= 0.6.0)
jekyll-coffeescript (= 1.1.1)
jekyll-commonmark-ghpages (= 0.1.5)
jekyll-default-layout (= 0.1.4)
jekyll-feed (= 0.11.0)
jekyll-gist (= 1.5.0)
jekyll-github-metadata (= 2.12.1)
jekyll-mentions (= 1.4.1)
jekyll-optional-front-matter (= 0.3.0)
jekyll-paginate (= 1.1.0)
jekyll-readme-index (= 0.2.0)
jekyll-redirect-from (= 0.14.0)
jekyll-relative-links (= 0.6.0)
jekyll-remote-theme (= 0.3.1)
jekyll-sass-converter (= 1.5.2)
jekyll-seo-tag (= 2.5.0)
jekyll-sitemap (= 1.2.0)
jekyll-swiss (= 0.4.0)
jekyll-theme-architect (= 0.1.1)
jekyll-theme-cayman (= 0.1.1)
jekyll-theme-dinky (= 0.1.1)
jekyll-theme-hacker (= 0.1.1)
jekyll-theme-leap-day (= 0.1.1)
jekyll-theme-merlot (= 0.1.1)
jekyll-theme-midnight (= 0.1.1)
jekyll-theme-minimal (= 0.1.1)
jekyll-theme-modernist (= 0.1.1)
jekyll-theme-primer (= 0.5.3)
jekyll-theme-slate (= 0.1.1)
jekyll-theme-tactile (= 0.1.1)
jekyll-theme-time-machine (= 0.1.1)
jekyll-titles-from-headings (= 0.5.1)
jemoji (= 0.10.2)
kramdown (= 1.17.0)
liquid (= 4.0.0)
listen (= 3.1.5)
mercenary (~> 0.3)
minima (= 2.5.0)
nokogiri (>= 1.8.5, < 2.0)
rouge (= 2.2.1)
terminal-table (~> 1.4)
github-pages-health-check (1.16.1)
addressable (~> 2.3)
dnsruby (~> 1.60)
octokit (~> 4.0)
public_suffix (~> 3.0)
typhoeus (~> 1.3)
html-pipeline (2.12.0)
activesupport (>= 2)
nokogiri (>= 1.4)
http_parser.rb (0.6.0)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
jekyll (3.8.5)
addressable (~> 2.4)
colorator (~> 1.0)
em-websocket (~> 0.5)
i18n (~> 0.7)
jekyll-sass-converter (~> 1.0)
jekyll-watch (~> 2.0)
kramdown (~> 1.14)
liquid (~> 4.0)
mercenary (~> 0.3.3)
pathutil (~> 0.9)
rouge (>= 1.7, < 4)
safe_yaml (~> 1.0)
jekyll-avatar (0.6.0)
jekyll (~> 3.0)
jekyll-coffeescript (1.1.1)
coffee-script (~> 2.2)
coffee-script-source (~> 1.11.1)
jekyll-commonmark (1.3.1)
commonmarker (~> 0.14)
jekyll (>= 3.7, < 5.0)
jekyll-commonmark-ghpages (0.1.5)
commonmarker (~> 0.17.6)
jekyll-commonmark (~> 1)
rouge (~> 2)
jekyll-default-layout (0.1.4)
jekyll (~> 3.0)
jekyll-feed (0.11.0)
jekyll (~> 3.3)
jekyll-gist (1.5.0)
octokit (~> 4.2)
jekyll-github-metadata (2.12.1)
jekyll (~> 3.4)
octokit (~> 4.0, != 4.4.0)
jekyll-mentions (1.4.1)
html-pipeline (~> 2.3)
jekyll (~> 3.0)
jekyll-optional-front-matter (0.3.0)
jekyll (~> 3.0)
jekyll-paginate (1.1.0)
jekyll-readme-index (0.2.0)
jekyll (~> 3.0)
jekyll-redirect-from (0.14.0)
jekyll (~> 3.3)
jekyll-relative-links (0.6.0)
jekyll (~> 3.3)
jekyll-remote-theme (0.3.1)
jekyll (~> 3.5)
rubyzip (>= 1.2.1, < 3.0)
jekyll-sass-converter (1.5.2)
sass (~> 3.4)
jekyll-seo-tag (2.5.0)
jekyll (~> 3.3)
jekyll-sitemap (1.2.0)
jekyll (~> 3.3)
jekyll-swiss (0.4.0)
jekyll-theme-architect (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-cayman (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-dinky (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-hacker (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-leap-day (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-merlot (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-midnight (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-minimal (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-modernist (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-primer (0.5.3)
jekyll (~> 3.5)
jekyll-github-metadata (~> 2.9)
jekyll-seo-tag (~> 2.0)
jekyll-theme-slate (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-tactile (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-time-machine (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-titles-from-headings (0.5.1)
jekyll (~> 3.3)
jekyll-watch (2.2.1)
listen (~> 3.0)
jemoji (0.10.2)
gemoji (~> 3.0)
html-pipeline (~> 2.2)
jekyll (~> 3.0)
kramdown (1.17.0)
liquid (4.0.0)
listen (3.1.5)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2)
mercenary (0.3.6)
mini_portile2 (2.4.0)
minima (2.5.0)
jekyll (~> 3.5)
jekyll-feed (~> 0.9)
jekyll-seo-tag (~> 2.1)
minitest (5.11.3)
multipart-post (2.1.1)
nokogiri (1.10.4)
mini_portile2 (~> 2.4.0)
octokit (4.14.0)
sawyer (~> 0.8.0, >= 0.5.3)
pathutil (0.16.2)
forwardable-extended (~> 2.6)
public_suffix (3.1.1)
rb-fsevent (0.10.3)
rb-inotify (0.10.0)
ffi (~> 1.0)
rouge (2.2.1)
ruby-enum (0.7.2)
i18n
ruby_dep (1.5.0)
rubyzip (1.2.3)
safe_yaml (1.0.5)
sass (3.7.4)
sass-listen (~> 4.0.0)
sass-listen (4.0.0)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
sawyer (0.8.2)
addressable (>= 2.3.5)
faraday (> 0.8, < 2.0)
terminal-table (1.8.0)
unicode-display_width (~> 1.1, >= 1.1.1)
thread_safe (0.3.6)
typhoeus (1.3.1)
ethon (>= 0.9.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
unicode-display_width (1.6.0)
PLATFORMS
ruby
DEPENDENCIES
github-pages
tzinfo-data
BUNDLED WITH
2.0.1

1
_includes/head.html
View File

@ -44,4 +44,5 @@
<!-- CSS stylesheets -->
<link href="/assets/css/style.css?v=5" rel="stylesheet">
<link id="dark-css" href="/assets/css/dark.css?v=2" rel="stylesheet" media="(prefers-color-scheme: dark)">
</head>

9
_includes/nav.html
View File

@ -11,7 +11,7 @@
<div id="nav-left" class="position-relative flex-col">
<a class="nav-anchor" href="/index.html">
<span id="nav-home" class="fas fa-home"></span>
<span id="nav-home" class="fas fa-home fa-fw"></span>
</a>
<!-- Provider -->
@ -103,7 +103,7 @@
<details class="nav-details">
<summary>
<span class="nav-summary">
<span class="fas fa-language text-danger"></span>
<span class="fas fa-language text-danger fa-fw"></span>
Language
<span class="dropdown-toggle"></span>
</span>
@ -141,7 +141,10 @@
<a href="https://blog.privacytools.io/" class="nav-anchor">Blog </a>
<a href="/donate/" class="nav-anchor">
Donate <span class="fas fa-heart text-danger"></span>
Donate <span class="fas fa-heart text-danger fa-fw"></span>
</a>
<a id="nav-switch-theme" class="nav-anchor" href="javascript:void(0)" onClick="changeColorScheme()">
Theme <span class="nav-theme-icon fas fa-fw"></span>
</a>
</div>
</div>

2
_includes/scripts.html
View File

@ -2,7 +2,7 @@
<script src="/assets/js/popper.min.js?v=4"></script>
<script src="/assets/js/bootstrap.min.js?v=4"></script>
<script src="/assets/js/sortable.min.js?v=4"></script>
<script src="/assets/js/main.js?v=2"></script>
<script src="/assets/js/main.js?v=3"></script>
<!--
Matomo is the leading open-source analytics platform:

2
_includes/sections/browser-addons.html
View File

@ -94,7 +94,7 @@ chrome=""
%}
<h2>For Experts Only</h2>
<h2>For Power Users Only</h2>
<div class="alert alert-warning" role="alert">
<strong>These addons require quite a lot of interaction from the user. Some sites will not work properly until you have configured the add-ons.</strong>

25
_includes/sections/browser-tweaks.html
View File

@ -52,9 +52,6 @@
<dt>dom.event.clipboardevents.enabled = false</dt>
<dd>Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.</dd>
<dt>geo.enabled = false</dt>
<dd>Disables geolocation.</dd>
<dt>media.eme.enabled = false</dt>
<dd>
<p>Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. <a href="https://support.mozilla.org/kb/enable-drm#w_opt-out-of-cdm-playback-uninstall-cdms-and-stop-all-cdm-downloads">Details</a></p>
@ -118,23 +115,8 @@
</ul>
</dd>
<dt>network.trr.mode = 2</dt>
<dd>
Use Trusted Recursive Resolver (DNS-over-HTTPS) first and if it fails, use the system resolver <a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Source</a>
<ul>
<li>0 = disabled by default, may change in the future</li>
<li>1 = use the faster resolver</li>
<li>2 = use DoH first, fallback to system resolver</li>
<li>3 = only use DoH. This may require <code>network.trr.bootstrapAddress</code> or using an IP address in <code>network.trr.uri</code>.</li>
<li>5 = explicitly disable DoH</li>
</ul>
</dd>
<dt>network.trr.uri = CHANGEME</dt>
<dd>The address of your DNS-over-HTTPS provider, if you don't have one, <a href="/providers/dns/#icanndns">check our encrypted DNS recommendations</a>. It can also be changed in <em>Settings, Network Settings, Enable DNS over HTTPS, Use Provider, Custom</em>.</dd>
<dt>network.security.esni.enabled = true</dt>
<dd>Hide the address which you are requesting SSL certificate for if the server supports it. This <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">requires DoH/TRR to be enabled</a> even <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">on Android 9+ when Private DNS is enabled</a>.</dd>
<dt>Looking for TRR, DoH or ESNI?</dt>
<dd>They have moved to <a href="/providers/dns/#icanndns">our DNS page</a>.</dd>
<dt>webgl.disabled = true</dt>
<dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd>
@ -162,10 +144,9 @@
</dd>
</dl>
<h3>Firefox user.js Templates</h3>
<h3 id="user.js">Firefox user.js Templates</h3>
<ul>
<li><a href="https://github.com/ghacksuserjs/ghacks-user.js">ghacks-user.js</a> - An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting.</li>
<li><a href="https://github.com/pyllyukko/user.js">pyllyukko/user.js</a> - This is a user.js configuration file to harden Firefox's settings and make it more secure.</li>
</ul>

299
_includes/sections/dns.html
View File

@ -54,7 +54,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="AdGuard">
<a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a>
</td>
<td>Anycast (based in <span class="flag-icon flag-icon-cy"></span> Cyprus)</td>
<td>Anycast (based in
<span class="no-text-wrap">
<span class="flag-icon flag-icon-cy"></span>
Cyprus)
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://adguard.com/en/privacy/dns.html" href="https://adguard.com/en/privacy/dns.html">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -77,7 +82,20 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="BlahDNS">
<a href="https://blahdns.com/">BlahDNS</a>
</td>
<td><span class="flag-icon flag-icon-ch"></span> Switzerland, <span class="flag-icon flag-icon-jp"></span> Japan, <span class="flag-icon flag-icon-de"></span> Germany</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-ch"></span>
Switzerland,
</span>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-jp"></span>
Japan,
</span>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-de"></span>
Germany
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title='"No logs."'>
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -85,7 +103,15 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
</td>
<td>Hobby Project</td>
<td>No</td>
<td data-value="dot/443">DoH, <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853"><strong>DoT</strong></span>, DNSCrypt</td>
<td data-value="dot/443">
<span class="no-text-wrap">
DoH,
<span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
DoT <span class="fas fa-info-circle fa-sm text-secondary"></span>,
</span>
</span>
DNSCrypt
</td>
<td>Yes</td>
<td>Yes</td>
<td>Ads, trackers, malicious domains <span class="badge badge-warning" data-toggle="tooltip" data-original-title="And some wildcard, IDN, and non-ASCII domains."><a href="https://github.com/ookangzheng/blahdns#default-blocked-wildcard-domain"><i class="fas fa-exclamation-triangle"></i></a></span></td>
@ -100,7 +126,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="Cloudflare">
<a href="https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/">Cloudflare</a> <span class="badge badge-warning" data-toggle="tooltip" title="Cloudflare is one of the world's largest networks, and a problem considering anonymity and decentralization."><a href="https://codeberg.org/crimeflare/cloudflare-tor/"><i class="fas fa-exclamation-triangle"></i></a></span>
</td>
<td>Anycast (based in <span class="flag-icon flag-icon-us"></span> US)</td>
<td>Anycast (based in
<span class="no-text-wrap">
<span class="flag-icon flag-icon-us"></span>
US)
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://www.cloudflare.com/privacypolicy/" href="https://www.cloudflare.com/privacypolicy/">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -123,7 +154,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="CZ.NIC">
<a href="https://www.nic.cz/odvr/">CZ.NIC</a>
</td>
<td><span class="flag-icon flag-icon-cz"></span> Czech Republic</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-cz"></span>
Czech Republic
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title='"CZ.NIC resolvers neither collect any personal data nor gather information on pages where your computer sends personal data."'>
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -142,7 +178,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="dnswarden">
<a href="https://github.com/bhanupratapys/dnswarden/blob/master/README.md">dnswarden</a>
</td>
<td><span class="flag-icon flag-icon-de"></span> Germany</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-de"></span>
Germany
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://github.com/bhanupratapys/dnswarden/blob/master/README.md#privacy-policy-and-tc" href="https://github.com/bhanupratapys/dnswarden/blob/master/README.md#privacy-policy-and-tc">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -150,7 +191,15 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
</td>
<td>Hobby Project</td>
<td>No</td>
<td data-value="dot/443">DoH, <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853"><strong>DoT</strong></span>, DNSCrypt</td>
<td data-value="dot/443">
<span class="no-text-wrap">
DoH,
<span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
DoT <span class="fas fa-info-circle fa-sm text-secondary"></span>,
</span>
</span>
DNSCrypt
</td>
<td>Yes</td>
<td>Yes</td>
<td>Based on server choice</td>
@ -161,7 +210,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="Foundation for Applied Privacy">
<a href="https://appliedprivacy.net/services/dns/">Foundation for Applied Privacy</a>
</td>
<td><span class="flag-icon flag-icon-at"></span> Austria</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-at"></span>
Austria
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://appliedprivacy.net/privacy-policy" href="https://appliedprivacy.net/privacy-policy">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -169,7 +223,14 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
</td>
<td>Non-Profit</td>
<td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"We do NOT log your IP address or DNS queries during normal operations. We do NOT share query data with third parties that are not directly involved with resolving the query (i.e. sending queries to authoritative nameservers for resolution)."' href="https://appliedprivacy.net/privacy-policy/">Some</a></td>
<td data-value="dot/443">DoH, <span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853"><strong>DoT</strong></span></td>
<td data-value="dot/443">
<span class="no-text-wrap">
DoH,
<span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
DoT <span class="fas fa-info-circle fa-sm text-secondary"></span>
</span>
</span>
</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
@ -180,7 +241,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="nextdns">
<a href="https://www.nextdns.io/">nextdns</a>
</td>
<td>Anycast (based in <span class="flag-icon flag-icon-us"></span> US)</td>
<td>Anycast (based in
<span class="no-text-wrap">
<span class="flag-icon flag-icon-us"></span>
US)
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://www.nextdns.io/privacy" href="https://www.nextdns.io/privacy">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -195,11 +261,57 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td>?</td>
</tr>
<tr>
<td data-value="NixNet">
<a href="https://nixnet.xyz/dns/">NixNet</a>
</td>
<td>
<span class="no-text-wrap">
Anycast (based in
<span class="flag-icon flag-icon-us"></span>
US),
</span>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-us"></span>
US,
</span>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-lu"></span>
Luxembourg
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://nixnet.xyz/privacy/" href="https://nixnet.xyz/privacy/">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
</a>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title='Part of LibreHosters, "a network of cooperation and solidarity that uses free software to encourage decentralisation through federation and distributed platforms."' href="https://libreho.st/">
Informal collective
</a>
</td>
<td>No</td>
<td>DoT</td>
<td>Yes</td>
<td>Yes</td>
<td>Based on server choice</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://git.nixnet.xyz/NixNet/dns" href="https://git.nixnet.xyz/NixNet/dns">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
</a>
</td>
</tr>
<tr>
<td data-value="PowerDNS">
<a href="https://powerdns.org/">PowerDNS</a>
</td>
<td><span class="flag-icon flag-icon-nl"></span> The Netherlands</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-nl"></span>
The Netherlands
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://powerdns.org/doh/privacy.html" href="https://powerdns.org/doh/privacy.html">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -222,7 +334,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="Quad9">
<a href="https://quad9.net/">Quad9</a> <span class="badge badge-warning" data-toggle="tooltip" title="Founders include the Global Cyber Alliance, comprised of the City of London Police and Manhattan District Attorney's Office"><i class="fas fa-exclamation-triangle"></i></span>
</td>
<td>Anycast (based in <span class="flag-icon flag-icon-us"></span> US)</td>
<td>Anycast (based in
<span class="no-text-wrap">
<span class="flag-icon flag-icon-us"></span>
US)
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://quad9.net/policy/" href="https://quad9.net/policy/">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -241,7 +358,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="SecureDNS">
<a href="https://securedns.eu/">SecureDNS</a>
</td>
<td><span class="flag-icon flag-icon-nl"></span> The Netherlands</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-nl"></span>
The Netherlands
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title="https://securedns.eu/#privacy" href="https://securedns.eu/#privacy">
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -260,7 +382,12 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
<td data-value="UncensoredDNS">
<a href="https://blog.uncensoreddns.org/">UncensoredDNS</a>
</td>
<td>Anycast (based in <span class="flag-icon flag-icon-dk"></span> Denmark)</td>
<td>Anycast (based in
<span class="no-text-wrap">
<span class="flag-icon flag-icon-dk"></span>
Denmark)
</span>
</td>
<td>
<a data-toggle="tooltip" data-placement="bottom" data-original-title='"Absolutely nothing is being logged, neither about the users nor the usage of this service. I do keep graphs of the total number of queries, but no personally identifiable information is saved. The data that is saved will never be sold or used for anything except capacity planning of the service."'>
<img alt="WWW" src="/assets/img/layout/www.png" width="35" height="35">
@ -276,67 +403,85 @@ github="https://github.com/jedisct1/dnscrypt-proxy"
</tr>
</tbody>
</table>
<h4>Terms</h4>
<ul>
<li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.</li>
<li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."><a href="https://tools.ietf.org/html/rfc8484#section-8.2"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
</ul>
<h4>How to verify DNS is encrypted</h4>
<ul>
<li>DoH / DoT
<ul>
<li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."><i class="fas fa-exclamation-triangle"></i></span></li>
<li>Check the website of your DNS provider. They may have a page for telling "you are using our DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
<li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
</ul>
</li>
<li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.
</li>
<li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a>.</li>
<li>QNAME Minimization - Run <code><a href="https://en.wikipedia.org/wiki/Dig_(command)">dig</a> +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
</ul>
<h3>Worth Mentioning and Additional Information</h3>
<ul>
<li><strong>Encrypted DNS clients for desktop:</strong>
<ul>
<li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
</ul>
</li>
<li><strong>Encrypted DNS clients for mobile:</strong>
<ul>
<li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li><em><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a></em> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
<li><em><a href="https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md">Nebulo</a></em> - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.</li>
</ul>
</li>
<li><strong>Local DNS servers:</strong>
<ul>
<li><em><a href="https://namecoin.info/">Namecoin</a></em> - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.</li>
<li><em><a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">Stubby</a></em> - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.</li>
<li><em><a href="https://nlnetlabs.nl/projects/unbound/about/">Unbound</a></em> - a validating, recursive, caching DNS resolver. It can also be ran network-wide and has supported DNS-over-TLS since version 1.7.3.</li>
<ul>
<li>See also <a href="https://www.ctrl.blog/entry/unbound-tls-forwarding.html">Actually secure DNS over TLS in Unbound on ctrl.blog</a>.</li>
</ul>
</ul>
</li>
<li><strong>Network wide DNS servers:</strong>
<ul>
<li><em><a href="https://pi-hole.net/">Pi-hole</a></em> - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.</li>
<li><em><a href="https://gitlab.com/quidsup/notrack">NoTrack</a></em> - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.</li>
</ul>
</li>
<li><strong>Further reading:</strong>
<ul>
<li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
<li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
</ul>
</li>
</ul>
</div>
<h4>Terms</h4>
<ul>
<li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. DoT has two modes:</li>
<ul>
<li>Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="In other words automatic mode leaves your DNS traffic vulnerable to SSL strip and MITM attacks"><i class="fas fa-exclamation-triangle"></i></span></li>
<li>Strict mode: the client connects to a specific hostname and performs certificate validation for it. If it fails, no DNS queries are made until it succeeds.</li>
</ul>
<li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."><a href="https://tools.ietf.org/html/rfc8484#section-8.2"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
</ul>
<h4>How to verify DNS is encrypted</h4>
<ul>
<li>DoH / DoT
<ul>
<li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."><i class="fas fa-exclamation-triangle"></i></span></li>
<li>Check the website of your DNS provider. They may have a page for telling "you are using our DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
<li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
</ul>
</li>
<li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.
</li>
<li>DNSSEC - Check <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test by Matthäus Wander</a>.</li>
<li>QNAME Minimization - Run <code><a href="https://en.wikipedia.org/wiki/Dig_(command)">dig</a> +short txt qnamemintest.internet.nl</code> from the command-line (taken from <a href="https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf">this NLnet Labs presentation</a>). You should see this display: <code>"HOORAY - QNAME minimisation is enabled on your resolver :)!"</code></li>
</ul>
<h3>Worth Mentioning and Additional Information</h3>
<ul>
<li><strong>Encrypted DNS clients for desktop:</strong>
<ul>
<li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
<ul>
<li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom", and enter your DoH provider's address.</li>
<li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.security.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
</ul>
</ul>
</li>
<li><strong>Encrypted DNS clients for mobile:</strong>
<ul>
<li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<ul>
<li>We recommend selecting <em>Private DNS provider hostname</em> and entering the DoT address from documentation of your DoT provider to enable strict mode (see Terms above). <span class="badge badge-warning" data-toggle="tooltip" data-original-title="If you are on a network blocking access to port 853, Android will error about the network not having internet connectivity."><i class="fas fa-exclamation-triangle"></i></span></li>
</ul>
<li><em><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a></em> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
<li><em><a href="https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md">Nebulo</a></em> - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.</li>
</ul>
</li>
<li><strong>Local DNS servers:</strong>
<ul>
<li><em><a href="https://namecoin.info/">Namecoin</a></em> - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.</li>
<li><em><a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">Stubby</a></em> - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.</li>
<li><em><a href="https://nlnetlabs.nl/projects/unbound/about/">Unbound</a></em> - a validating, recursive, caching DNS resolver. It can also be ran network-wide and has supported DNS-over-TLS since version 1.7.3.</li>
<ul>
<li>See also <a href="https://www.ctrl.blog/entry/unbound-tls-forwarding.html">Actually secure DNS over TLS in Unbound on ctrl.blog</a>.</li>
</ul>
</ul>
</li>
<li><strong>Network wide DNS servers:</strong>
<ul>
<li><em><a href="https://pi-hole.net/">Pi-hole</a></em> - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.</li>
<li><em><a href="https://gitlab.com/quidsup/notrack">NoTrack</a></em> - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.</li>
</ul>
</li>
<li><strong>Further reading:</strong>
<ul>
<li>On Firefox, DoH and ESNI</li>
<ul>
<li><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Trusted Recursive Resolver (DoH) on MozillaWiki</a></li>
<li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">Firefox bug report requesting the ability to use ESNI without DoH</a></li>
<li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">Firefox bug report requesting the ability to use Android 9+'s Private DNS (DoT) and benefit from encrypted SNI without having to enable DoH</a></li>
<li><a href="https://blog.cloudflare.com/encrypted-sni/">Encrypt it or lose it: how encrypted SNI works on Cloudflare blog</a></li>
</ul>
<li><a href="https://www.isc.org/blogs/qname-minimization-and-privacy/">QNAME Minimization and Your Privacy</a> by the Internet Systems Consortium (ISC)</li>
<li><a href="https://www.isc.org/dnssec/">DNSSEC and BIND 9</a> by the ISC</li>
</ul>
</li>
</ul>

27
_includes/sections/operating-systems.html
View File

@ -41,6 +41,33 @@ tor="http://sejnfjrq6szgca7v.onion"
<li><a href="#win10"><i class="fas fa-link"></i> Don't use Windows 10 - It's a privacy nightmare</a></li>
</ul>
<h4 id="cpuvulns">Remember to check CPU vulnerability mitigations</h4>
<p><em><a href="https://support.microsoft.com/en-us/help/4073757/protect-windows-devices-from-speculative-execution-side-channel-attack">This also affects Windows 10</a>, but it doesn't expose this information or mitigation instructions as easily. MacOS users check <a href="https://support.apple.com/en-us/HT210108">How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on Apple Support</a>.</em></p>
<p>When running a enough recent kernel, you can check the CPU vulnerabilities it detects by <code>tail -n +1 /sys/devices/system/cpu/vulnerabilities/*</code>. By using <code>tail -n +1</code> instead of <code>cat</code>, the file names are also visible.</p>
<p>
In case you have an Intel CPU, you may notice "SMT vulnerable" display after running the <code>tail</code> command. To mitigate this, disable <a href="https://en.wikipedia.org/wiki/Hyper-threading">hyper-threading</a> from the UEFI/BIOS. You can also take the following mitigation steps below if your system/distribution uses GRUB and supports <code>/etc/default/grub.d/</code>:
</p>
<ol>
<li><code>sudo mkdir /etc/default/grub.d/</code> to create a directory for additional grub configuration</li>
<li><code>echo GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt" | sudo tee /etc/default/grub.d/mds.conf</code> to create a new grub config file source with the echoed content</li>
<li><code>sudo grub-mkconfig -o /boot/grub/grub.cfg</code> to generate a new grub config file including this new kernel boot flag</li>
<li><code>sudo reboot</code> to reboot</li>
<li>after the reboot, check <code>tail -n +1 /sys/devices/system/cpu/vulnerabilities/*</code> again to see that MDS now says "SMT disabled."</li>
</ol>
<h5>Further reading</h5>
<ul>
<li><a href="https://cpu.fail/">CPU.fail</a></li>
<li><a href="https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html">MDS - Microarchitectural Data Sampling on The Linux kernel user's and administrator's guide</a></li>
<li><a href="https://mdsattacks.com/">RIDL and Fallout: MDS attacks on mdsattacks.com</a></li>
<li><a href="https://en.wikipedia.org/wiki/Simultaneous_multithreading">Simultaneous multithreading on Wikipedia</a></li>
</ul>
<h3>Worth Mentioning</h3>
<ul>

2
_includes/sections/password-managers.html
View File

@ -44,7 +44,7 @@
description="<strong>LessPass</strong> is a free and open source password manager that generates unique passwords for websites, email accounts, or anything else based on a master password and information you know. No sync needed. Uses PBKDF2 and SHA-256. It's advised to use the browser addons for more security."
website="https://lesspass.com/"
forum="https://forum.privacytools.io/t/discussion-keepassxc/1344/2"
github="https://github.com/keepassxreboot/keepassxc"
github="https://github.com/lesspass/lesspass"
firefox="https://addons.mozilla.org/en-US/firefox/addon/lesspass/"
chrome="https://chrome.google.com/webstore/detail/lesspass/lcmbpoclaodbgkbjafnkbbinogcbnjih"
android="https://play.google.com/store/apps/details?id=com.lesspass.android&hl=en"

2
_includes/sections/paste-services.html
View File

@ -4,7 +4,7 @@
title="PrivateBin"
image="/assets/img/tools/PrivateBin.png"
description="PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256bit AES. It is the improved version of ZeroBin."
website="https://bin.privacytools.io/"
website="https://privatebin.info/"
forum="https://forum.privacytools.io/t/discussion-privatebin/296"
github="https://github.com/PrivateBin/PrivateBin"
%}

2
_includes/sections/privacy-resources.html
View File

@ -22,7 +22,7 @@
<li><a href="https://www.grc.com/securitynow.htm"><strong>Security Now!</strong></a> - Weekly Internet Security Podcast by Steve Gibson and Leo Laporte.</li>
<li><a href="https://www.jupiterbroadcasting.com/show/techsnap/"><strong>TechSNAP</strong></a> - Weekly Systems, Network, and Administration Podcast. Every week TechSNAP covers the stories that impact those of us in the tech industry.</li>
<li><a href="https://tosdr.org/"><strong>Terms of Service; Didn't Read</strong></a> - "I have read and agree to the Terms" is the biggest lie on the web. We aim to fix that.</li>
<li><a href="https://codeberg.org/crimeflare/cloudflare-tor"><strong>The Great Cloudwall</strong></a> - Critique and information on why to avoid Cloudflare, a big company with a huge portition of the internet behind it.</li>
<li><a href="https://codeberg.org/crimeflare/cloudflare-tor"><strong>The Great Cloudwall</strong></a> - Critique and information on why to avoid Cloudflare, a big company with a huge portion of the internet behind it.</li>
</ul>
<h3>Tools</h3>

57
_includes/sections/teamchat.html
View File

@ -4,35 +4,38 @@
<strong>If your project or organization currently uses a platform like <a href="https://web.archive.org/web/20171029114027/https://feedback.discordapp.com/forums/326712-discord-dream-land/suggestions/17094256-implement-whispersystems-encryption-for-voice-and">Discord</a> or <a href="https://drewdevault.com/2015/11/01/Please-stop-using-slack.html">Slack</a> you should pick an alternative here.</strong>
</div>
{% include cardv2.html
title="Rocket.chat"
image="/assets/img/tools/rocket.chat.png"
description="Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE."
labels="warning:<a href=//rocket.chat/docs/user-guides/end-to-end-encryption/>Experimental</a>:Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. The federation was also added afterwards potentially causing room for mistakes."
website="https://rocket.chat/"
forum="https://forum.privacytools.io/t/discussion-rocket-chat/1223"
github="https://github.com/rocketchat/"
android=""
ios=""
mac=""
windows=""
linux=""
{%
include cardv2.html
title="Rocket.chat"
image="/assets/img/tools/rocket.chat.png"
description="Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE."
labels="warning:<a href=//rocket.chat/docs/user-guides/end-to-end-encryption/>Experimental</a>:Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. The federation was also added afterwards potentially causing room for mistakes."
website="https://rocket.chat/"
forum="https://forum.privacytools.io/t/discussion-rocket-chat/1223"
github="https://github.com/rocketchat/"
android=""
ios=""
mac=""
windows=""
linux=""
%}
{% include cardv2.html
title="Keybase"
image="/assets/img/tools/keybase.png"
description='Keybase provides a hosted team chat with end-to-end encryption. It has also been <a href="https://keybase.io/docs-assets/blog/NCC_Group_Keybase_KB2018_Public_Report_2019-02-27_v1.3.pdf">indepedently audited (PDF)</a>.'
labels="warning:<a href=//github.com/keybase/client/issues/6374>Warning</a>:The server side of Keybase runs on proprietary code and is centralized."
website="https://keybase.io/"
forum="https://forum.privacytools.io/t/discussion-keybase/1224"
github="https://github.com/Keybase"
android=""
ios=""
mac=""
windows=""
linux=""
web=""
{%
include cardv2.html
title="Keybase"
image="/assets/img/tools/keybase.png"
description='Keybase provides a hosted team chat with end-to-end encryption. It has also been <a href="https://keybase.io/docs-assets/blog/NCC_Group_Keybase_KB2018_Public_Report_2019-02-27_v1.3.pdf">indepedently audited (PDF)</a>.'
labels="warning:<a href=//github.com/keybase/client/issues/6374>Warning</a>:The server side of Keybase runs on proprietary code and is centralized."
website="https://keybase.io/"
forum="https://forum.privacytools.io/t/discussion-keybase/1224"
tor="http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/"
github="https://github.com/Keybase"
android=""
ios=""
mac=""
windows=""
linux=""
web=""
%}

1
_layouts/minimal.html
View File

@ -2,6 +2,7 @@
<html lang="en">
{% include head.html %}
<body data-spy="scroll" data-target="#navbar">
<script src="/assets/js/applytheme.js?v=1"></script>
<header>
{% include nav.html %}
<div id="top" class="py-4"></div>

179
assets/css/dark.scss Normal file
View File

@ -0,0 +1,179 @@
---
---
$dark-400: #181b21;
$dark-300: #22262e;
$dark-200: #343a46;
$dark-100: #464f60;
$light: #d8d8d8;
$primary: #345e8e;
$danger: #b63f4a;
$secondary: $dark-100;
$success: #2c7f40;
$warning: #c6a339;
$info: #218899;
/*
* HTML
*/
body {
background: $dark-400;
color: $light;
}
a {
color: lighten($primary, 25%);
}
a:hover {
color: lighten($primary, 10%);
}
img {
filter: saturate(80%);
}
/*
* Bootstrap
*/
.alert a {
color: #214D97;
}
.bg-secondary, .btn-secondary, .badge-secondary { background-color: $secondary !important; }
.btn-secondary, .card-secondary .card-header { border-color: $secondary !important; }
.text-secondary { color: $secondary !important; }
.alert-secondary, .btn-secondary:hover {
color: $light;
background-color: darken($secondary, 10%);
border-color: darken($secondary, 10%);
}
.bg-primary, .btn-primary, .badge-primary { background-color: $primary !important; }
.btn-primary, .card-primary .card-header { border-color: $primary !important; }
.text-primary { color: $primary !important; }
.alert-primary, .btn-primary:hover {
color: $light;
background-color: darken($primary, 10%);
border-color: darken($primary, 10%);
}
.bg-warning, .btn-warning, .badge-warning { background-color: $warning !important; }
.btn-warning, .card-warning .card-header { border-color: $warning !important; }
.text-warning { color: $warning !important; }
.card-warning > .text-dark { color: $dark-400 !important; }
.alert-warning, .btn-warning:hover {
color: $light;
background-color: darken($warning, 10%);
border-color: darken($warning, 10%);
}
.bg-info, .btn-info, .badge-info { background-color: $info !important; }
.btn-info, .card-info .card-header { border-color: $info !important; }
.text-info { color: $info !important; }
.alert-info, .btn-info:hover {
color: $light;
background-color: darken($info, 10%);
border-color: darken($info, 10%);
}
.bg-success, .btn-success, .badge-success { background-color: $success !important; }
.btn-success, .card-success .card-header { border-color: $success !important; }
.text-success { color: $success !important; }
.alert-success, .btn-success {
color: $light;
background-color: darken($success, 10%);
border-color: darken($success, 10%);
}
.bg-danger, .btn-danger, .badge-danger { background-color: $danger !important; }
.btn-danger, .card-danger .card-header { border-color: $danger !important; }
.text-danger { color: $danger !important; }
.alert-danger, .btn-danger:hover {
color: $light;
background-color: darken($danger, 10%);
border-color: darken($danger, 10%);
}
.card {
box-shadow: none !important;
}
.dropdown-item:hover {
color: $light;
background-color: $dark-300;
}
.form-control,
.form-control:focus {
color: $light;
background: $dark-300;
border-color: $dark-300;
}
.form-control[readonly],
.form-control:disabled {
background: $dark-300;
}
.card,
.jumbotron,
.list-group-item {
background: $dark-300;
}
.blockquote {
border-color: $dark-300;
}
.bg-dark {
background-color: $dark-300 !important;
}
.dropdown-item {
color: $light;
}
.list-group-item {
border-color: $dark-200;
}
.text-dark {
color: $light !important;
}
table[data-sortable].sortable-theme-bootstrap {
color: $light;
background-color: $dark-300;
}
table[data-sortable].sortable-theme-bootstrap th,
table[data-sortable].sortable-theme-bootstrap td {
border-color: $dark-100 !important;
}
table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"] {
color: $light;
background: $dark-200;
}
table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"][data-sorted-direction="ascending"]::after, {
border-bottom-color: $light;
}
table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"][data-sorted-direction="descending"]::after {
border-top-color: $light;
}
/*
* Other
*/
.nav-dropdown {
color: $light;
background-color: $dark-400;
border-color: $dark-300;
}
.nav-theme-icon:before {
color: $warning;
font-size: 1em;
content: "\f185";
}

25
assets/css/style.scss
View File

@ -177,6 +177,10 @@ h2, h3:not(.h5), h4, h5 {
text-align: justify;
}
.no-text-wrap {
white-space: nowrap;
}
footer {
img,
i {
@ -184,6 +188,7 @@ footer {
}
}
/*
* Navbar
*/
@ -272,8 +277,15 @@ input#nav-toggle,
display: none;
}
#nav-switch-theme {
/* We will make it visible with JavaScript
* as it does not work without it */
display: none;
}
/* Mobile hamburger menu */
/*
* Mobile hamburger menu
*/
@media only screen and (max-width: 992px) {
.menu,
@ -335,3 +347,14 @@ input#nav-toggle,
max-height: 8em;
}
}
.nav-theme-icon:before {
color: var(--warning);
font-size: 0.875em;
content: "\f186";
}
.table td, .table th {
vertical-align: middle;
}

6
assets/js/applytheme.js Normal file
View File

@ -0,0 +1,6 @@
if (localStorage.getItem("colorScheme") === "dark") {
document.querySelector("#dark-css").removeAttribute("media"); // Set dark theme
}
else if (localStorage.getItem("colorScheme") === "light") {
document.querySelector("#dark-css").setAttribute("media", "invalid"); // Set light theme
}

42
assets/js/main.js
View File

@ -27,6 +27,48 @@ function navSectionsClose(event) {
});
}
// Dark/Light color scheme switch button
document.querySelector("#nav-switch-theme").style.display = "inline";
function changeColorScheme() {
// Use whatever users want
if (localStorage.getItem("colorScheme") === "dark") {
// Change to light theme
if (window.matchMedia("(prefers-color-scheme: dark)").matches === false) {
document.querySelector("#dark-css").setAttribute("media", "(prefers-color-scheme: dark)");
localStorage.removeItem("colorScheme");
} else {
// by setting invalid media it will just not apply CSS for anyone
document.querySelector("#dark-css").setAttribute("media", "invalid");
localStorage.setItem("colorScheme", "light");
}
}
// Change to dark theme
else if (localStorage.getItem("colorScheme") === "light") {
if (window.matchMedia("(prefers-color-scheme: dark)").matches === true) {
document.querySelector("#dark-css").setAttribute("media", "(prefers-color-scheme: dark)");
localStorage.removeItem("colorScheme");
} else {
// media was set to prefers-color-scheme: dark
document.querySelector("#dark-css").removeAttribute("media");
localStorage.setItem("colorScheme", "dark");
}
}
// Just use whatever browsers want
else if (window.matchMedia("(prefers-color-scheme: dark)").matches === true) {
// Change to light Theme
document.querySelector("#dark-css").setAttribute("media", "invalid");
localStorage.setItem("colorScheme", "light");
} else {
// Change to dark theme
document.querySelector("#dark-css").removeAttribute("media");
localStorage.setItem("colorScheme", "dark");
}
}
// Matomo
var _paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */

2
source_code.md
View File

@ -299,6 +299,8 @@ BlahDNS: https://github.com/ookangzheng/blahdns/
CloudFlare DNS: https://github.com/cloudflare/dns
NixNet DNS: https://git.nixnet.xyz/NixNet/dns
PowerDNS: https://github.com/PowerDNS/pdns
### Worth Mentioning and Additional Information