# SOME DESCRIPTIVE TITLE. # Copyright (C) Micah Lee, et al. # This file is distributed under the same license as the OnionShare package. # FIRST AUTHOR , 2020. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: OnionShare 2.3\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2022-03-31 16:26+1100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Generated-By: Babel 2.9.1\n" #: ../../source/security.rst:2 msgid "Security Design" msgstr "" #: ../../source/security.rst:4 msgid "Read :ref:`how_it_works` first to get a handle on how OnionShare works." msgstr "" #: ../../source/security.rst:6 msgid "Like all software, OnionShare may contain bugs or vulnerabilities." msgstr "" #: ../../source/security.rst:9 msgid "What OnionShare protects against" msgstr "" #: ../../source/security.rst:11 msgid "" "**Third parties don't have access to anything that happens in " "OnionShare.** Using OnionShare means hosting services directly on your " "computer. When sharing your files with OnionShare, they are not uploaded " "to any third-party server. If you make an OnionShare chat room, your " "computer acts as a server for that too. This avoids the traditional model" " of having to trust the computers of others." msgstr "" #: ../../source/security.rst:17 msgid "" "**Network eavesdroppers can't spy on anything that happens in OnionShare " "in transit.** The connection between the Tor onion service and Tor " "Browser is end-to-end encrypted. This means network attackers can't " "eavesdrop on anything except encrypted Tor traffic. Even if an " "eavesdropper is a malicious rendezvous node used to connect the Tor " "Browser with OnionShare's onion service, the traffic is encrypted using " "the onion service's private key." msgstr "" #: ../../source/security.rst:23 msgid "" "**Anonymity of OnionShare users are protected by Tor.** OnionShare and " "Tor Browser protect the anonymity of the users. As long as the OnionShare" " user anonymously communicates the OnionShare address with the Tor " "Browser users, the Tor Browser users and eavesdroppers can't learn the " "identity of the OnionShare user." msgstr "" #: ../../source/security.rst:28 msgid "" "**If an attacker learns about the onion service, it still can't access " "anything.** Prior attacks against the Tor network to enumerate onion " "services allowed attackers to discover private ``.onion`` addresses. To " "access an OnionShare service from its address, the private key used for " "client authentication must be guessed (unless the service is already made" " public by turning off the private key -- see " ":ref:`turn_off_private_key`)." msgstr "" #: ../../source/security.rst:33 msgid "What OnionShare doesn't protect against" msgstr "" #: ../../source/security.rst:35 msgid "" "**Communicating the OnionShare address and private key might not be " "secure.** Communicating the OnionShare address to people is the " "responsibility of the OnionShare user. If sent insecurely (such as " "through an e-mail message monitored by an attacker), an eavesdropper can " "tell that OnionShare is being used. Eavesdroppers can access services " "that are still up by loading their addresses and/or lost key in the Tor " "Browser. Avoid this by communicating the address securely, via encrypted " "text message (probably with disappearing messages enabled), encrypted " "e-mail, or in person. This isn't necessary when using OnionShare for " "something that isn't secret." msgstr "" #: ../../source/security.rst:42 msgid "" "**Communicating the OnionShare address and private key might not be " "anonymous.** Extra precaution must be taken to ensure the OnionShare " "address is communicated anonymously. A new e-mail or chat account, only " "accessed over Tor, can be used to share the address. This isn't necessary" " unless anonymity is a goal." msgstr "" #~ msgid "Security design" #~ msgstr "" #~ msgid "" #~ "First read :ref:`how_it_works` to understand" #~ " the basics of how OnionShare works." #~ msgstr "" #~ msgid "" #~ "**Third parties don't have access to " #~ "anything that happens in OnionShare.** " #~ "When you use OnionShare, you host " #~ "services directly on your computer. For" #~ " example, when you share files with" #~ " OnionShare, you don't upload these " #~ "files to any server, and when you" #~ " start an OnionShare chat room, your" #~ " computer is the chat room server " #~ "itself. Traditional ways of sharing " #~ "files or setting up websites and " #~ "chat rooms require trusting a service" #~ " with access to your data." #~ msgstr "" #~ msgid "" #~ "**Network eavesdroppers can't spy on " #~ "anything that happens in OnionShare in" #~ " transit.** Because connections between Tor" #~ " onion services and Tor Browser are" #~ " end-to-end encrypted, no network " #~ "attackers can eavesdrop on what happens" #~ " in an OnionShare service. If the " #~ "eavesdropper is positioned on the " #~ "OnionShare user's end, the Tor Browser" #~ " user's end, or is a malicious " #~ "Tor node, they will only see Tor" #~ " traffic. If the eavesdropper is a" #~ " malicious rendezvous node used to " #~ "connect Tor Browser with OnionShare's " #~ "onion service, the traffic will be " #~ "encrypted using the onion service key." #~ msgstr "" #~ msgid "" #~ "**If an attacker learns about the " #~ "onion service, they still can't access" #~ " anything.** There have been attacks " #~ "against the Tor network that can " #~ "enumerate onion services. Even if " #~ "someone discovers the .onion address of" #~ " an OnionShare onion service, they " #~ "can't access it without also knowing " #~ "the service's random password (unless, " #~ "of course, the OnionShare users chooses" #~ " to disable the password and make " #~ "it public). The password is generated" #~ " by choosing two random words from" #~ " a list of 6800 words, meaning " #~ "there are 6800^2, or about 46 " #~ "million possible password. But they can" #~ " only make 20 wrong guesses before" #~ " OnionShare stops the server, preventing" #~ " brute force attacks against the " #~ "password." #~ msgstr "" #~ msgid "" #~ "**Communicating the OnionShare address might" #~ " not be secure.** The OnionShare user" #~ " is responsible for securely communicating" #~ " the OnionShare address with people. " #~ "If they send it insecurely (such " #~ "as through an email message, and " #~ "their email is being monitored by " #~ "an attacker), the eavesdropper will " #~ "learn that they're using OnionShare. If" #~ " the attacker loads the address in" #~ " Tor Browser before the legitimate " #~ "recipient gets to it, they can " #~ "access the service. If this risk " #~ "fits the user's threat model, they " #~ "must find a more secure way to " #~ "communicate the address, such as in " #~ "an encrypted email, chat, or voice " #~ "call. This isn't necessary in cases " #~ "where OnionShare is being used for " #~ "something that isn't secret." #~ msgstr "" #~ msgid "" #~ "**Communicating the OnionShare address might" #~ " not be anonymous.** While OnionShare " #~ "and Tor Browser allow for anonymity, " #~ "if the user wishes to remain " #~ "anonymous they must take extra steps " #~ "to ensure this while communicating the" #~ " OnionShare address. For example, they " #~ "might need to use Tor to create" #~ " a new anonymous email or chat " #~ "account, and only access it over " #~ "Tor, to use for sharing the " #~ "address. This isn't necessary in cases" #~ " where there's no need to protect " #~ "anonymity, such as co-workers who " #~ "know each other sharing work documents." #~ msgstr "" #~ msgid "" #~ "**If an attacker learns about the " #~ "onion service, it still can't access " #~ "anything.** Prior attacks against the " #~ "Tor network to enumerate onion services" #~ " allowed the attacker to discover " #~ "private .onion addresses. If an attack" #~ " discovers a private OnionShare address," #~ " a password will be prevent them " #~ "from accessing it (unless the OnionShare" #~ " user chooses to turn it off " #~ "and make it public).. The password " #~ "is generated by choosing two random " #~ "words from a list of 6800 words," #~ " making 6800^2, or about 46 million" #~ " possible passwords. Only 20 wrong " #~ "guesses can be made before OnionShare" #~ " stops the server, preventing brute " #~ "force attacks against the password." #~ msgstr "" #~ msgid "" #~ "**Communicating the OnionShare address might" #~ " not be anonymous.** Extra steps must" #~ " be taken to ensure the OnionShare" #~ " address is communicated anonymously. A " #~ "new email or chat account, only " #~ "accessed over Tor, can be used to" #~ " share the address. This isn't " #~ "necessary unless anonymity is a goal." #~ msgstr "" #~ msgid "" #~ "**If an attacker learns about the " #~ "onion service, it still can't access " #~ "anything.** Prior attacks against the " #~ "Tor network to enumerate onion services" #~ " allowed the attacker to discover " #~ "private .onion addresses. If an attack" #~ " discovers a private OnionShare address," #~ " a password will be prevent them " #~ "from accessing it (unless the OnionShare" #~ " user chooses to turn it off " #~ "and make it public). The password " #~ "is generated by choosing two random " #~ "words from a list of 6800 words," #~ " making 6800², or about 46 million" #~ " possible passwords. Only 20 wrong " #~ "guesses can be made before OnionShare" #~ " stops the server, preventing brute " #~ "force attacks against the password." #~ msgstr "" #~ msgid "" #~ "**Communicating the OnionShare address might" #~ " not be secure.** Communicating the " #~ "OnionShare address to people is the " #~ "responsibility of the OnionShare user. " #~ "If sent insecurely (such as through " #~ "an email message monitored by an " #~ "attacker), an eavesdropper can tell that" #~ " OnionShare is being used. If the " #~ "eavesdropper loads the address in Tor" #~ " Browser while the service is still" #~ " up, they can access it. To " #~ "avoid this, the address must be " #~ "communicateed securely, via encrypted text " #~ "message (probably with disappearing messages" #~ " enabled), encrypted email, or in " #~ "person. This isn't necessary when using" #~ " OnionShare for something that isn't " #~ "secret." #~ msgstr "" #~ msgid "" #~ "**Communicating the OnionShare address might" #~ " not be anonymous.** Extra precautions " #~ "must be taken to ensure the " #~ "OnionShare address is communicated " #~ "anonymously. A new email or chat " #~ "account, only accessed over Tor, can " #~ "be used to share the address. This" #~ " isn't necessary unless anonymity is " #~ "a goal." #~ msgstr "" #~ msgid "" #~ "**If an attacker learns about the " #~ "onion service, it still can't access " #~ "anything.** Prior attacks against the " #~ "Tor network to enumerate onion services" #~ " allowed the attacker to discover " #~ "private .onion addresses. If an attack" #~ " discovers a private OnionShare address," #~ " but not the private key used " #~ "for Client Authentication, they will be" #~ " prevented from accessing it (unless " #~ "the OnionShare user chooses to turn " #~ "off the private key and make it" #~ " public - see :ref:`turn_off_private_key`)." #~ msgstr "" #~ msgid "" #~ "**If an attacker learns about the " #~ "onion service, it still can't access " #~ "anything.** Prior attacks against the " #~ "Tor network to enumerate onion services" #~ " allowed the attacker to discover " #~ "private ``.onion`` addresses. If an " #~ "attack discovers a private OnionShare " #~ "address, they will also need to " #~ "guess the private key used for " #~ "client authentication in order to access" #~ " it (unless the OnionShare user " #~ "chooses make their serivce public by " #~ "turning off the private key -- see" #~ " :ref:`turn_off_private_key`)." #~ msgstr "" #~ msgid "" #~ "**Communicating the OnionShare address and " #~ "private key might not be secure.** " #~ "Communicating the OnionShare address to " #~ "people is the responsibility of the " #~ "OnionShare user. If sent insecurely " #~ "(such as through an email message " #~ "monitored by an attacker), an " #~ "eavesdropper can tell that OnionShare is" #~ " being used. If the eavesdropper " #~ "loads the address in Tor Browser " #~ "while the service is still up, " #~ "they can access it. To avoid this," #~ " the address must be communicateed " #~ "securely, via encrypted text message " #~ "(probably with disappearing messages enabled)," #~ " encrypted email, or in person. This" #~ " isn't necessary when using OnionShare " #~ "for something that isn't secret." #~ msgstr "" #~ msgid "" #~ "**Third parties don't have access to " #~ "anything that happens in OnionShare.** " #~ "Using OnionShare means hosting services " #~ "directly on your computer. When sharing" #~ " files with OnionShare, they are not" #~ " uploaded to any server. If you " #~ "make an OnionShare chat room, your " #~ "computer acts as a server for that" #~ " too. This avoids the traditional " #~ "model of having to trust the " #~ "computers of others." #~ msgstr "" #~ msgid "" #~ "**If an attacker learns about the " #~ "onion service, it still can't access " #~ "anything.** Prior attacks against the " #~ "Tor network to enumerate onion services" #~ " allowed the attacker to discover " #~ "private ``.onion`` addresses. If an " #~ "attack discovers a private OnionShare " #~ "address, they will also need to " #~ "guess the private key used for " #~ "client authentication in order to access" #~ " it (unless the OnionShare user " #~ "chooses make their service public by " #~ "turning off the private key -- see" #~ " :ref:`turn_off_private_key`)." #~ msgstr "" #~ msgid "" #~ "**Communicating the OnionShare address and " #~ "private key might not be secure.** " #~ "Communicating the OnionShare address to " #~ "people is the responsibility of the " #~ "OnionShare user. If sent insecurely " #~ "(such as through an email message " #~ "monitored by an attacker), an " #~ "eavesdropper can tell that OnionShare is" #~ " being used. If the eavesdropper " #~ "loads the address in Tor Browser " #~ "while the service is still up, " #~ "they can access it. To avoid this," #~ " the address must be communicated " #~ "securely, via encrypted text message " #~ "(probably with disappearing messages enabled)," #~ " encrypted email, or in person. This" #~ " isn't necessary when using OnionShare " #~ "for something that isn't secret." #~ msgstr "" #~ msgid "" #~ "**Communicating the OnionShare address and " #~ "private key might not be anonymous.**" #~ " Extra precautions must be taken to" #~ " ensure the OnionShare address is " #~ "communicated anonymously. A new email or" #~ " chat account, only accessed over " #~ "Tor, can be used to share the " #~ "address. This isn't necessary unless " #~ "anonymity is a goal." #~ msgstr ""