2020-05-16 09:03:22 +00:00
10 changed files with 327 additions and 148 deletions
--- a/_includes/badge.html
+++ b/_includes/badge.html
@ -1,6 +1,6 @@
 {% if include.link %}
 <a
-  href="{{ link }}" class="badge badge-{{ include.color | default: "info" }}"
+  href="{{ include.link }}" class="badge badge-{{ include.color | default: "info" }}"
  {% if include.tooltip %}
  data-toggle="tooltip"
  title="{{ include.tooltip }}"><i class="{{ include.icon | default: "far fa-question-circle"}}"></i> {{ include.text }}
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@ -112,7 +112,12 @@
          </span>
          <span class="no-text-wrap">
            malicious domains
-            <span class="badge badge-warning" data-toggle="tooltip" data-original-title="And some wildcard and IDN domains."><a href="https://github.com/ookangzheng/blahdns#default-blocked-wildcard-domain"><i class="fas fa-exclamation-triangle"></i></a></span>
+            {% include badge.html
            link="https://github.com/ookangzheng/blahdns#default-blocked-wildcard-domain"
            color="warning"
            icon="fas fa-exclamation-triangle"
            tooltip="And some wildcard and IDN domains."
            %}
          </span>
        </td>
        <td>
@ -137,7 +142,13 @@
      <tr>
        <td data-value="Cloudflare">
-          <a href="https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/">Cloudflare</a> <span class="badge badge-warning" data-toggle="tooltip" title="Cloudflare is one of the world's largest networks, and a problem considering anonymity and decentralization."><a href="https://codeberg.org/crimeflare/cloudflare-tor/"><i class="fas fa-exclamation-triangle"></i></a></span>
+          <a href="https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/">Cloudflare</a>
          {% include badge.html
          link="https://codeberg.org/crimeflare/cloudflare-tor/"
          color="warning"
          icon="fas fa-exclamation-triangle"
          tooltip="Cloudflare is one of the world's largest networks, and a problem considering anonymity and decentralization."
          %}
        </td>
        <td>Anycast (based in
          <span class="no-text-wrap">
@ -355,7 +366,12 @@
      <tr>
        <td data-value="Quad9">
-          <a href="https://quad9.net/">Quad9</a> <span class="badge badge-warning" data-toggle="tooltip" title="Founders include the Global Cyber Alliance, composed of the City of London Police and Manhattan District Attorney's Office"><i class="fas fa-exclamation-triangle"></i></span>
+          <a href="https://quad9.net/">Quad9</a>
          {% include badge.html
          color="warning"
          icon="fas fa-exclamation-triangle"
          tooltip="Founders include the Global Cyber Alliance, composed of the City of London Police and Manhattan District Attorney's Office."
          %}
        </td>
        <td>Anycast (based in
          <span class="no-text-wrap">
--- a/_includes/sections/file-encryption.html
+++ b/_includes/sections/file-encryption.html
@ -55,10 +55,21 @@
 <h3>Worth Mentioning</h3>
 <ul>
-  <li><a href="https://cryptomator.org/">Cryptomator</a> - Free client-side AES encryption for your cloud files. Open source software: No backdoors, no registration. <span class="badge badge-warning" data-toggle="tooltip" title="Cryptomator's mobile apps are not open-source."><a href="https://github.com/cryptomator/cryptomator-android/issues/1#issuecomment-257979375"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+  <li><a href="https://cryptomator.org/">Cryptomator</a> - Free client-side AES encryption for your cloud files. Open source software: No backdoors, no registration.
    {% include badge.html
    color="warning"
    icon="fas fa-exclamation-triangle"
    link="https://github.com/cryptomator/cryptomator-android/issues/1#issuecomment-257979375"
    tooltip="Cryptomator's mobile apps are not open-source."
    %}</li>
  <li><a href="https://gitlab.com/cryptsetup/cryptsetup/">Linux Unified Key Setup (LUKS)</a> - A full disk encryption system for Linux using dm-crypt as the disk encryption backend. Included by default in Ubuntu. Available for Windows and Linux.</li>
  <li><a href="https://www.dyne.org/software/tomb/">Tomb</a> - A simple zsh script for making LUKS containers on the commandline.</li>
  <li><a href="https://hat.sh/">Hat.sh</a> - A cross-platform, serverless JavaScript web application that provides secure file encryption using the AES-256-GCM algorithm in your browser. It can also be downloaded and run offline.</li>
-  <li><a href="https://www.keka.io/">Keka</a> - A macOS-only, file archiver with the ability to encrypt files. <span class="badge badge-warning" data-toggle="tooltip" title="This software isn't open source anymore"><a href="https://github.com/aonez/Keka#so-where-is-the-source-code"><i class="fas fa-exclamation-triangle"></i></a></span>
+  <li><a href="https://www.keka.io/">Keka</a> - A macOS-only, file archiver with the ability to encrypt files.
-  </li>
+    {% include badge.html
    color="warning"
    icon="fas fa-exclamation-triangle"
    link="https://github.com/aonez/Keka#so-where-is-the-source-code"
    tooltip="This software is no longer open source."
    %}</li>
 </ul>
--- a/_includes/sections/file-sharing.html
+++ b/_includes/sections/file-sharing.html
@ -46,7 +46,14 @@ netbsd="https://pypi.org/project/magic-wormhole/"
 <h3>Worth Mentioning</h3>
 <ul>
-  <li><a href="https://framadrop.org/">FramaDrop</a> - Stores a file of any size for 24h. Data is end-to-end encrypted from your browser, powered by <a href="https://framagit.org/fiat-tux/hat-softwares/lufi">LuFi</a>. <span class="badge badge-warning" data-toggle="tooltip" title="FramaDrop logs IP addresses and fingerprints the browser for an unclear amount of time."><a href="https://framasoft.org/en/cgu/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+  <li><a href="https://framadrop.org/">FramaDrop</a> - Stores a file of any size for 24h. Data is end-to-end encrypted from your browser, powered by <a href="https://framagit.org/fiat-tux/hat-softwares/lufi">LuFi</a>.
    {% include badge.html
    color="warning"
    icon="fas fa-exclamation-triangle"
    link="https://framasoft.org/en/cgu/"
    tooltip="FramaDrop logs IP addresses and fingerprints the browser for an unclear amount of time."
    %}
  </li>
  <li><a href="https://github.com/schollz/croc">croc</a> - Easily and securely send arbitrary-sized files from one computer to another. Similar to Magic Wormhole but without dependencies.</li>
  <li><a href="https://freedombox.org/">FreedomBox</a> - Designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or XMPP server, to a wiki, or VPN.</li>
 </ul>
--- a/_includes/sections/live-operating-systems.html
+++ b/_includes/sections/live-operating-systems.html
@ -15,12 +15,19 @@ git="https://git-tails.immerda.ch/tails/"
 <ul>
  <li>
    <a href="https://getfedora.org/">Fedora Workstation</a>
-    <span class="badge badge-info">GNU/Linux</span>
+    {% include badge.html
    color="info"
    text="GNU/Linux"
    %}
    - Fedora is a Linux distribution developed by the Fedora Project and sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops, using GNOME as the default desktop environment.
  </li>
  <li>
    <a href="https://debian.org/">Debian</a>
-    <span class="badge badge-info">GNU/Linux</span>
+    {% include badge.html
    color="info"
    text="GNU/Linux"
    %}
    - Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.
  </li>
 </ul>
--- a/_includes/sections/mobile-operating-systems.html
+++ b/_includes/sections/mobile-operating-systems.html
@ -40,7 +40,41 @@ github="https://github.com/ubports"
 <h3>Worth Mentioning</h3>
 <ul>
-  <li><a href="https://www.replicant.us/">Replicant</a> <span class="badge badge-info">AOSP</span> - An open-source operating system based on Android, aiming to replace all proprietary components with free software.</li>
+  <li><a href="https://www.replicant.us/">Replicant</a>
-  <li><a href="https://www.omnirom.org/">OmniROM</a> <span class="badge badge-info">AOSP</span> <span class="badge badge-warning" data-toggle="tooltip" title="This software may depend on or recommend non-free software.">contrib <i class="far fa-question-circle"></i></span> - A free-software operating system for smartphones and tablet computers, based on the Android mobile platform.</li>
+    {% include badge.html
-  <li><a href="https://microg.org/">MicroG</a> <span class="badge badge-info">Add-on Package</span> <span class="badge badge-warning" data-toggle="tooltip" title="This software may depend on or recommend non-free software.">contrib <i class="far fa-question-circle"></i></span> - A project that aims to reimplement the proprietary Google Play Services in the Android operating system with a FLOSS replacement. The microG project also maintains a fork of LineageOS with microG and F-Droid preinstalled at <a href="https://lineage.microg.org/">Lineage for microG</a>.</li>
+    color="info"
    text="AOSP"
    %}
    - An open-source operating system based on Android, aiming to replace all proprietary components with free software.
  </li>
  <li>
    <a href="https://www.omnirom.org/">OmniROM</a>
    {% include badge.html
    color="info"
    text="AOSP"
    %}
    {% include badge.html
    color="warning"
    icon="far fa-question-circle"
    text="contrib"
    tooltip="This software may depend on or recommend non-free software."
    %}
    - A free-software operating system for smartphones and tablet computers, based on the Android mobile platform.
  </li>
  <li>
    <a href="https://microg.org/">MicroG</a>
    {% include badge.html
    color="info"
    text="Add-on Package"
    %}
    {% include badge.html
    color="warning"
    icon="far fa-question-circle"
    text="contrib"
    tooltip="This software may depend on or recommend non-free software."
    %}
    - A project that aims to reimplement the proprietary Google Play Services in the Android operating system with a FLOSS replacement. The microG project also maintains a fork of LineageOS with microG and F-Droid preinstalled at <a href="https://lineage.microg.org/">Lineage for microG</a>.
  </li>
 </ul>
--- a/_includes/sections/operating-systems.html
+++ b/_includes/sections/operating-systems.html
@ -41,10 +41,46 @@ gitlab="https://salsa.debian.org/qa/debsources"
 <h3>Worth Mentioning</h3>
 <ul>
-  <li><a href="https://www.openbsd.org/">OpenBSD</a> <span class="badge badge-info">BSD</span> - A project that produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Emphasizes portability, standardization, correctness, proactive security and integrated cryptography.</li>
+  <li><a href="https://www.openbsd.org/">OpenBSD</a>
-  <li><a href="https://www.archlinux.org/">Arch Linux</a> <span class="badge badge-info">GNU/Linux</span> <span class="badge badge-warning" data-toggle="tooltip" title="This software may depend on or recommend non-free software.">contrib <i class="far fa-question-circle"></i></span> - A simple, lightweight Linux distribution. It is composed predominantly of free and open-source software, and supports community involvement. <a href="https://www.parabola.nu/">Parabola</a> is a
+    {% include badge.html
-    completely open source version of Arch Linux.</li>
+    color="info"
-  <li><a href="https://trisquel.info/">Trisquel</a> <span class="badge badge-info">GNU/Linux</span> - Derived from Ubuntu, this project aims for a fully free software system without proprietary software or firmware and uses Linux-libre, a version of the Linux kernel with the non-free code (binary blobs) removed.</li>
+    text="BSD"
-  <li><a href="https://www.whonix.org/">Whonix</a> <span class="badge badge-info">GNU/Linux</span> - A Debian-based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation"
+    %}
-    and a Tor "Gateway". All communication are forced through the Tor network to accomplish this.</li>
+    - A project that produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Emphasizes portability, standardization, correctness, proactive security and integrated cryptography.
  </li>
  <li>
    <a href="https://www.archlinux.org/">Arch Linux</a>
    {% include badge.html
    color="info"
    text="GNU/Linux"
    %}
    {% include badge.html
    color="warning"
    icon="far fa-question-circle"
    text="contrib"
    tooltip="This software may depend on or recommend non-free software."
    %}
    - A simple, lightweight Linux distribution. It is composed predominantly of free and open-source software, and supports community involvement. <a href="https://www.parabola.nu/">Parabola</a> is a
    completely open source version of Arch Linux.
  </li>
  <li>
    <a href="https://trisquel.info/">Trisquel</a>
    {% include badge.html
    color="info"
    text="GNU/Linux"
    %}
    - Derived from Ubuntu, this project aims for a fully free software system without proprietary software or firmware and uses Linux-libre, a version of the Linux kernel with the non-free code (binary blobs) removed.
  </li>
  <li>
    <a href="https://www.whonix.org/">Whonix</a>
    {% include badge.html
    color="info"
    text="GNU/Linux"
    %}
    - A Debian-based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation"
    and a Tor "Gateway". All communication are forced through the Tor network to accomplish this.
  </li>
 </ul>
--- a/_includes/sections/router-firmware.html
+++ b/_includes/sections/router-firmware.html
@ -36,6 +36,27 @@ git="https://gogs.librecmc.org/libreCMC/libreCMC"
 <h3>Worth Mentioning</h3>
 <ul>
-  <li><a href="https://www.openbsd.org/">OpenBSD</a> <span class="badge badge-info">BSD</span> - A project that produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Emphasizes portability, standardization, correctness, proactive security and integrated cryptography.</li>
+  <li>
-  <li><a href="https://dd-wrt.com/">DD-WRT</a> <span class="badge badge-info">Linux</span> <span class="badge badge-warning" data-toggle="tooltip" title="This software may depend on or recommend non-free software.">contrib <i class="far fa-question-circle"></i></span> - A Linux-based open-source firmware compatible with several models of routers and access points.</li>
+    <a href="https://www.openbsd.org/">OpenBSD</a>
    {% include badge.html
    color="info"
    text="BSD"
    %}
    - A project that produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Emphasizes portability, standardization, correctness, proactive security and integrated cryptography.
  </li>
  <li>
    <a href="https://dd-wrt.com/">DD-WRT</a>
    {% include badge.html
    color="info"
    text="GNU/Linux"
    %}
    {% include badge.html
    color="warning"
    icon="far fa-question-circle"
    text="contrib"
    tooltip="This software may depend on or recommend non-free software."
    %}
    - A Linux-based open-source firmware compatible with several models of routers and access points.
  </li>
 </ul>
--- a/_includes/sections/voice-video-messenger.html
+++ b/_includes/sections/voice-video-messenger.html
@ -39,17 +39,24 @@ ios="https://apps.apple.com/us/app/mumble/id443472808?ls=1"
 <ul>
  <li>
    <a href="https://jitsi.org/jitsi-meet/">Jitsi Meet</a> - Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application.
-    <span class="badge badge-warning"
+
-      data-toggle="tooltip"
+    {% include badge.html
-      title="Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it.">Requires WebRTC
+    color="warning"
-    </span>
+    icon="fas fa-exclamation-triangle"
-    <span class="badge badge-warning">
+    text="Requires WebRTC"
-      <a href="https://jitsi.org/security">Multiparty meetings are not E2EE</a>
+    tooltip="Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it."
-    </span>
+    %}
    {% include badge.html
    color="warning"
    icon="fas fa-exclamation-triangle"
    link="https://jitsi.org/security"
    text="Multiparty meetings are not E2EE"
    %}
    See also <a href="https://github.com/jitsi/jitsi-meet/wiki/Jitsi-Meet-Instances">list of public Jitsi Meet instances</a>.
  </li>
 </ul>
 <h3>Related Information</h3>
 <ul>
--- a/pages/providers/dns.html
+++ b/pages/providers/dns.html
@ -13,10 +13,21 @@ breadcrumb: "DNS"
 <ul>
  <li>DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. DoT has two modes:</li>
    <ul>
-        <li>Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="In other words automatic mode leaves your DNS traffic vulnerable to SSL strip and MITM attacks"><i class="fas fa-exclamation-triangle"></i></span></li>
+        <li>Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS.
        {% include badge.html
        color="warning"
        icon="fas fa-exclamation-triangle"
        tooltip="In other words automatic mode leaves your DNS traffic vulnerable to SSL strip and MITM attacks."
        %}</li>
        <li>Strict mode: the client connects to a specific hostname and performs certificate validation for it. If it fails, no DNS queries are made until it succeeds.</li>
    </ul>
-  <li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."><a href="https://tools.ietf.org/html/rfc8484#section-8.2"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+  <li>DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
    {% include badge.html
    color="warning"
    icon="fas fa-exclamation-triangle"
    link="https://tools.ietf.org/html/rfc8484#section-8.2"
    tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server."
    %}</li>
  <li>DNSCrypt - An older yet robust method of encrypting DNS.</li>
 </ul>
@ -25,9 +36,20 @@ breadcrumb: "DNS"
 <ul>
  <li>DoH / DoT
    <ul>
-      <li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."><i class="fas fa-exclamation-triangle"></i></span></li>
+      <li>Check <a href="https://www.dnsleaktest.com/">DNSLeakTest.com</a>.
        {% include badge.html
        color="warning"
        icon="fas fa-exclamation-triangle"
        tooltip="Your DNS provider may not appear with their own name, so compare the responses to what you know or can find about your DNS provider. Just ensure you don't see your ISP or old unencrypted DNS provider."
        %}</li>
      <li>Check the website of your DNS provider. They may have a page for telling "you are using our DNS." Examples include <a href="https://adguard.com/en/adguard-dns/overview.html">AdGuard</a> and <a href="https://1.1.1.1/help">Cloudflare</a>.</li>
-      <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='Some fields will say "false" depending on the the value of network.trr.mode in about:config'><a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+      <li>If using Firefox's trusted recursive resolver (TRR), navigate to <code>about:networking#dns</code>. If the TRR column says "true" for some fields, you are using DoH.
        {% include badge.html
        color="warning"
        icon="fas fa-exclamation-triangle"
        link="https://wiki.mozilla.org/Trusted_Recursive_Resolver"
        tooltip="Some fields will say 'false' depending on the the value of network.trr.mode in about:config"
        %}</li>
    </ul>
  </li>
  <li>dnscrypt-proxy - Check <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Checking">dnscrypt-proxy's wiki on how to verify that your DNS is encrypted</a>.</li>
@ -40,7 +62,14 @@ breadcrumb: "DNS"
 <ul>
  <li><strong>Encrypted DNS clients for desktop:</strong>
    <ul>
-      <li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. <span class="badge badge-warning" data-toggle="tooltip" data-placement="bottom" data-original-title='"Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser."'><a href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"><i class="fas fa-exclamation-triangle"></i></a></span> Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
+      <li><em>Firefox</em> comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver.
        {% include badge.html
        color="warning"
        icon="fas fa-exclamation-triangle"
        link="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/"
        tooltip="&quot;Cloudflare has agreed to collect only a limited amount of data about the DNS requests that are sent to the Cloudflare Resolver for Firefox via the Firefox browser.&quot;"
        %}
        Currently Mozilla is <a href="https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/">conducting studies</a> before enabling DoH by default for all US-based Firefox users.</li>
          <ul>
              <li>DNS over HTTPS can be enabled in Menu -> Preferences (<code>about:preferences</code>) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom", and enter your DoH provider's address.</li>
              <li>Advanced users may enable it in <code>about:config</code> by setting <code>network.trr.custom_uri</code> and <code>network.trr.uri</code> as the address you find from the documentation of your DoH provider and <code>network.trr.mode</code> as <code>2</code>. It may also be desirable to set <code>network.security.esni.enabled</code> to <code>True</code> in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.</li>
@ -49,9 +78,20 @@ breadcrumb: "DNS"
  </li>
  <li><strong>Encrypted DNS clients for mobile:</strong>
    <ul>
-      <li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>. <span class="badge badge-warning" data-toggle="tooltip" data-original-title="...but with some caveats"><a href="https://www.quad9.net/private-dns-quad9-android9/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
+      <li><em>Android 9</em> comes with a DoT client by <a href="https://support.google.com/android/answer/9089903">default</a>.
        {% include badge.html
        color="warning"
        icon="fas fa-exclamation-triangle"
        link="https://www.quad9.net/private-dns-quad9-android9/"
        tooltip="...but with some caveats"
        %}</li>
        <ul>
-          <li>We recommend selecting <em>Private DNS provider hostname</em> and entering the DoT address from documentation of your DoT provider to enable strict mode (see Terms above). <span class="badge badge-warning" data-toggle="tooltip" data-original-title="If you are on a network blocking access to port 853, Android will error about the network not having internet connectivity."><i class="fas fa-exclamation-triangle"></i></span></li>
+          <li>We recommend selecting <em>Private DNS provider hostname</em> and entering the DoT address from documentation of your DoT provider to enable strict mode (see Terms above).
            {% include badge.html
            color="warning"
            icon="fas fa-exclamation-triangle"
            tooltip="If you are on a network blocking access to port 853, Android will error about the network not having internet connectivity."
            %}</li>
        </ul>
      <li><em><a href="https://apps.apple.com/app/id1452162351">DNSCloak</a></em> - An <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DoH client for iOS by <td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"A charitable non-profit host organization for international Free Software projects."' href="https://techcultivation.org/">the Center for the Cultivation of Technology gemeinnuetzige GmbH</a>.</li>
      <li><em><a href="https://git.frostnerd.com/PublicAndroidApps/smokescreen/blob/master/README.md">Nebulo</a></em> - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.</li>