# SOME DESCRIPTIVE TITLE.
# Copyright (C) Micah Lee, et al.
# This file is distributed under the same license as the OnionShare package.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: OnionShare 2.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2021-09-10 12:35-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.9.0\n"

#: ../../source/security.rst:2
msgid "Security Design"
msgstr ""

#: ../../source/security.rst:4
msgid "Read :ref:`how_it_works` first to get a handle on how OnionShare works."
msgstr ""

#: ../../source/security.rst:6
msgid "Like all software, OnionShare may contain bugs or vulnerabilities."
msgstr ""

#: ../../source/security.rst:9
msgid "What OnionShare protects against"
msgstr ""

#: ../../source/security.rst:11
msgid ""
"**Third parties don't have access to anything that happens in "
"OnionShare.** Using OnionShare means hosting services directly on your "
"computer. When sharing files with OnionShare, they are not uploaded to "
"any server. If you make an OnionShare chat room, your computer acts as a "
"server for that too. This avoids the traditional model of having to trust"
" the computers of others."
msgstr ""

#: ../../source/security.rst:13
msgid ""
"**Network eavesdroppers can't spy on anything that happens in OnionShare "
"in transit.** The connection between the Tor onion service and Tor "
"Browser is end-to-end encrypted. This means network attackers can't "
"eavesdrop on anything except encrypted Tor traffic. Even if an "
"eavesdropper is a malicious rendezvous node used to connect the Tor "
"Browser with OnionShare's onion service, the traffic is encrypted using "
"the onion service's private key."
msgstr ""

#: ../../source/security.rst:15
msgid ""
"**Anonymity of OnionShare users are protected by Tor.** OnionShare and "
"Tor Browser protect the anonymity of the users. As long as the OnionShare"
" user anonymously communicates the OnionShare address with the Tor "
"Browser users, the Tor Browser users and eavesdroppers can't learn the "
"identity of the OnionShare user."
msgstr ""

#: ../../source/security.rst:17
msgid ""
"**If an attacker learns about the onion service, it still can't access "
"anything.** Prior attacks against the Tor network to enumerate onion "
"services allowed the attacker to discover private ``.onion`` addresses. "
"If an attack discovers a private OnionShare address, they will also need "
"to guess the private key used for client authentication in order to "
"access it (unless the OnionShare user chooses make their service public "
"by turning off the private key -- see :ref:`turn_off_private_key`)."
msgstr ""

#: ../../source/security.rst:20
msgid "What OnionShare doesn't protect against"
msgstr ""

#: ../../source/security.rst:22
msgid ""
"**Communicating the OnionShare address and private key might not be "
"secure.** Communicating the OnionShare address to people is the "
"responsibility of the OnionShare user. If sent insecurely (such as "
"through an email message monitored by an attacker), an eavesdropper can "
"tell that OnionShare is being used. If the eavesdropper loads the address"
" in Tor Browser while the service is still up, they can access it. To "
"avoid this, the address must be communicated securely, via encrypted text"
" message (probably with disappearing messages enabled), encrypted email, "
"or in person. This isn't necessary when using OnionShare for something "
"that isn't secret."
msgstr ""

#: ../../source/security.rst:24
msgid ""
"**Communicating the OnionShare address and private key might not be "
"anonymous.** Extra precautions must be taken to ensure the OnionShare "
"address is communicated anonymously. A new email or chat account, only "
"accessed over Tor, can be used to share the address. This isn't necessary"
" unless anonymity is a goal."
msgstr ""

#~ msgid "Security design"
#~ msgstr ""

#~ msgid ""
#~ "First read :ref:`how_it_works` to understand"
#~ " the basics of how OnionShare works."
#~ msgstr ""

#~ msgid ""
#~ "**Third parties don't have access to "
#~ "anything that happens in OnionShare.** "
#~ "When you use OnionShare, you host "
#~ "services directly on your computer. For"
#~ " example, when you share files with"
#~ " OnionShare, you don't upload these "
#~ "files to any server, and when you"
#~ " start an OnionShare chat room, your"
#~ " computer is the chat room server "
#~ "itself. Traditional ways of sharing "
#~ "files or setting up websites and "
#~ "chat rooms require trusting a service"
#~ " with access to your data."
#~ msgstr ""

#~ msgid ""
#~ "**Network eavesdroppers can't spy on "
#~ "anything that happens in OnionShare in"
#~ " transit.** Because connections between Tor"
#~ " onion services and Tor Browser are"
#~ " end-to-end encrypted, no network "
#~ "attackers can eavesdrop on what happens"
#~ " in an OnionShare service. If the "
#~ "eavesdropper is positioned on the "
#~ "OnionShare user's end, the Tor Browser"
#~ " user's end, or is a malicious "
#~ "Tor node, they will only see Tor"
#~ " traffic. If the eavesdropper is a"
#~ " malicious rendezvous node used to "
#~ "connect Tor Browser with OnionShare's "
#~ "onion service, the traffic will be "
#~ "encrypted using the onion service key."
#~ msgstr ""

#~ msgid ""
#~ "**If an attacker learns about the "
#~ "onion service, they still can't access"
#~ " anything.** There have been attacks "
#~ "against the Tor network that can "
#~ "enumerate onion services. Even if "
#~ "someone discovers the .onion address of"
#~ " an OnionShare onion service, they "
#~ "can't access it without also knowing "
#~ "the service's random password (unless, "
#~ "of course, the OnionShare users chooses"
#~ " to disable the password and make "
#~ "it public). The password is generated"
#~ " by choosing two random words from"
#~ " a list of 6800 words, meaning "
#~ "there are 6800^2, or about 46 "
#~ "million possible password. But they can"
#~ " only make 20 wrong guesses before"
#~ " OnionShare stops the server, preventing"
#~ " brute force attacks against the "
#~ "password."
#~ msgstr ""

#~ msgid ""
#~ "**Communicating the OnionShare address might"
#~ " not be secure.** The OnionShare user"
#~ " is responsible for securely communicating"
#~ " the OnionShare address with people. "
#~ "If they send it insecurely (such "
#~ "as through an email message, and "
#~ "their email is being monitored by "
#~ "an attacker), the eavesdropper will "
#~ "learn that they're using OnionShare. If"
#~ " the attacker loads the address in"
#~ " Tor Browser before the legitimate "
#~ "recipient gets to it, they can "
#~ "access the service. If this risk "
#~ "fits the user's threat model, they "
#~ "must find a more secure way to "
#~ "communicate the address, such as in "
#~ "an encrypted email, chat, or voice "
#~ "call. This isn't necessary in cases "
#~ "where OnionShare is being used for "
#~ "something that isn't secret."
#~ msgstr ""

#~ msgid ""
#~ "**Communicating the OnionShare address might"
#~ " not be anonymous.** While OnionShare "
#~ "and Tor Browser allow for anonymity, "
#~ "if the user wishes to remain "
#~ "anonymous they must take extra steps "
#~ "to ensure this while communicating the"
#~ " OnionShare address. For example, they "
#~ "might need to use Tor to create"
#~ " a new anonymous email or chat "
#~ "account, and only access it over "
#~ "Tor, to use for sharing the "
#~ "address. This isn't necessary in cases"
#~ " where there's no need to protect "
#~ "anonymity, such as co-workers who "
#~ "know each other sharing work documents."
#~ msgstr ""

#~ msgid ""
#~ "**If an attacker learns about the "
#~ "onion service, it still can't access "
#~ "anything.** Prior attacks against the "
#~ "Tor network to enumerate onion services"
#~ " allowed the attacker to discover "
#~ "private .onion addresses. If an attack"
#~ " discovers a private OnionShare address,"
#~ " a password will be prevent them "
#~ "from accessing it (unless the OnionShare"
#~ " user chooses to turn it off "
#~ "and make it public).. The password "
#~ "is generated by choosing two random "
#~ "words from a list of 6800 words,"
#~ " making 6800^2, or about 46 million"
#~ " possible passwords. Only 20 wrong "
#~ "guesses can be made before OnionShare"
#~ " stops the server, preventing brute "
#~ "force attacks against the password."
#~ msgstr ""

#~ msgid ""
#~ "**Communicating the OnionShare address might"
#~ " not be anonymous.** Extra steps must"
#~ " be taken to ensure the OnionShare"
#~ " address is communicated anonymously. A "
#~ "new email or chat account, only "
#~ "accessed over Tor, can be used to"
#~ " share the address. This isn't "
#~ "necessary unless anonymity is a goal."
#~ msgstr ""

#~ msgid ""
#~ "**If an attacker learns about the "
#~ "onion service, it still can't access "
#~ "anything.** Prior attacks against the "
#~ "Tor network to enumerate onion services"
#~ " allowed the attacker to discover "
#~ "private .onion addresses. If an attack"
#~ " discovers a private OnionShare address,"
#~ " a password will be prevent them "
#~ "from accessing it (unless the OnionShare"
#~ " user chooses to turn it off "
#~ "and make it public). The password "
#~ "is generated by choosing two random "
#~ "words from a list of 6800 words,"
#~ " making 6800², or about 46 million"
#~ " possible passwords. Only 20 wrong "
#~ "guesses can be made before OnionShare"
#~ " stops the server, preventing brute "
#~ "force attacks against the password."
#~ msgstr ""

#~ msgid ""
#~ "**Communicating the OnionShare address might"
#~ " not be secure.** Communicating the "
#~ "OnionShare address to people is the "
#~ "responsibility of the OnionShare user. "
#~ "If sent insecurely (such as through "
#~ "an email message monitored by an "
#~ "attacker), an eavesdropper can tell that"
#~ " OnionShare is being used. If the "
#~ "eavesdropper loads the address in Tor"
#~ " Browser while the service is still"
#~ " up, they can access it. To "
#~ "avoid this, the address must be "
#~ "communicateed securely, via encrypted text "
#~ "message (probably with disappearing messages"
#~ " enabled), encrypted email, or in "
#~ "person. This isn't necessary when using"
#~ " OnionShare for something that isn't "
#~ "secret."
#~ msgstr ""

#~ msgid ""
#~ "**Communicating the OnionShare address might"
#~ " not be anonymous.** Extra precautions "
#~ "must be taken to ensure the "
#~ "OnionShare address is communicated "
#~ "anonymously. A new email or chat "
#~ "account, only accessed over Tor, can "
#~ "be used to share the address. This"
#~ " isn't necessary unless anonymity is "
#~ "a goal."
#~ msgstr ""

#~ msgid ""
#~ "**If an attacker learns about the "
#~ "onion service, it still can't access "
#~ "anything.** Prior attacks against the "
#~ "Tor network to enumerate onion services"
#~ " allowed the attacker to discover "
#~ "private .onion addresses. If an attack"
#~ " discovers a private OnionShare address,"
#~ " but not the private key used "
#~ "for Client Authentication, they will be"
#~ " prevented from accessing it (unless "
#~ "the OnionShare user chooses to turn "
#~ "off the private key and make it"
#~ " public - see :ref:`turn_off_private_key`)."
#~ msgstr ""

#~ msgid ""
#~ "**If an attacker learns about the "
#~ "onion service, it still can't access "
#~ "anything.** Prior attacks against the "
#~ "Tor network to enumerate onion services"
#~ " allowed the attacker to discover "
#~ "private ``.onion`` addresses. If an "
#~ "attack discovers a private OnionShare "
#~ "address, they will also need to "
#~ "guess the private key used for "
#~ "client authentication in order to access"
#~ " it (unless the OnionShare user "
#~ "chooses make their serivce public by "
#~ "turning off the private key -- see"
#~ " :ref:`turn_off_private_key`)."
#~ msgstr ""

#~ msgid ""
#~ "**Communicating the OnionShare address and "
#~ "private key might not be secure.** "
#~ "Communicating the OnionShare address to "
#~ "people is the responsibility of the "
#~ "OnionShare user. If sent insecurely "
#~ "(such as through an email message "
#~ "monitored by an attacker), an "
#~ "eavesdropper can tell that OnionShare is"
#~ " being used. If the eavesdropper "
#~ "loads the address in Tor Browser "
#~ "while the service is still up, "
#~ "they can access it. To avoid this,"
#~ " the address must be communicateed "
#~ "securely, via encrypted text message "
#~ "(probably with disappearing messages enabled),"
#~ " encrypted email, or in person. This"
#~ " isn't necessary when using OnionShare "
#~ "for something that isn't secret."
#~ msgstr ""