mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-12-30 09:56:26 -05:00
Change 'utilize' to 'use' (#1710)
Co-Authored-By: Jonah Aragon <jonah@triplebit.net>
This commit is contained in:
parent
0ba070dc8e
commit
13c05dc07f
@ -266,7 +266,7 @@ Evaluate whether the additional features in the F-Droid build are worth the slow
|
||||
|
||||
#### Neo Store
|
||||
|
||||
The official F-Droid client targets a [low API level](https://wonderfall.dev/fdroid-issues/#3-low-target-api-level-sdk-for-client--apps) and does not utilize the [seamless updates](https://www.androidcentral.com/google-will-finally-bring-seamless-app-updates-alternative-app-stores-android-12) feature introduced in Android 12. Targeting lower API levels means that the F-Droid client cannot take advantage of the new improvements in the application sandboxes that comes with higher API levels. For automatic updates to work, the F-Droid client requires that the [Privileged Extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged/) be included in the operating system, granting it more privileges than what a normal app would have, which is not great for security.
|
||||
The official F-Droid client targets a [low API level](https://wonderfall.dev/fdroid-issues/#3-low-target-api-level-sdk-for-client--apps) and does not use the [seamless updates](https://www.androidcentral.com/google-will-finally-bring-seamless-app-updates-alternative-app-stores-android-12) feature introduced in Android 12. Targeting lower API levels means that the F-Droid client cannot take advantage of the new improvements in the application sandboxes that comes with higher API levels. For automatic updates to work, the F-Droid client requires that the [Privileged Extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged/) be included in the operating system, granting it more privileges than what a normal app would have, which is not great for security.
|
||||
|
||||
To mitigate these problems, we recommend [Neo Store](https://github.com/NeoApplications/Neo-Store) as it supports seamless updates on Android 12 and above without needing any special privileges and targets a higher API level.
|
||||
|
||||
|
@ -44,7 +44,7 @@ Android 9 and above support DNS over TLS. Android 13 will support DNS over HTTPS
|
||||
|
||||
The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings).
|
||||
|
||||
After installation of either a configuration profile or an app that utilizes the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings.
|
||||
After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings.
|
||||
|
||||
#### Signed Profiles
|
||||
|
||||
|
@ -369,7 +369,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- A valid [MTA-STS](https://tools.ietf.org/html/rfc8461) and [TLS-RPT](https://tools.ietf.org/html/rfc8460) policy.
|
||||
- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
|
||||
- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
|
||||
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or utilize [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
|
||||
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/).
|
||||
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
|
||||
- Website security standards such as:
|
||||
|
@ -32,7 +32,7 @@ The options listed here are multi-platform and great for creating encrypted back
|
||||
- [:fontawesome-brands-android: Android](https://cryptomator.org/android)
|
||||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
|
||||
|
||||
Cryptomator utilizes AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
|
||||
Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders.
|
||||
|
||||
Some Cryptomator cryptographic libraries have been [audited](https://community.cryptomator.org/t/has-there-been-a-security-review-audit-of-cryptomator/44) by Cure53. The scope of the audited libraries includes: [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). The audit did not extend to [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift), which is a library used by Cryptomator for iOS.
|
||||
|
||||
@ -84,7 +84,7 @@ Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/Tru
|
||||
|
||||
## OS Full Disk Encryption
|
||||
|
||||
Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will utilize a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor).
|
||||
Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor).
|
||||
|
||||
### BitLocker
|
||||
|
||||
@ -146,7 +146,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o
|
||||
|
||||
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
|
||||
|
||||
We recommend storing a local recovery key in a secure place as opposed to utilizing iCloud FileVault recovery. As well, FileVault should be enabled **after** a complete macOS installation as more pseudorandom number generator ([PRNG](https://support.apple.com/guide/security/random-number-generation-seca0c73a75b/web)) [entropy](https://en.wikipedia.org/wiki/Entropy_(computing)) will be available.
|
||||
We recommend storing a local recovery key in a secure place as opposed to using iCloud FileVault recovery. As well, FileVault should be enabled **after** a complete macOS installation as more pseudorandom number generator ([PRNG](https://support.apple.com/guide/security/random-number-generation-seca0c73a75b/web)) [entropy](https://en.wikipedia.org/wiki/Entropy_(computing)) will be available.
|
||||
|
||||
### Linux Unified Key Setup
|
||||
|
||||
|
@ -50,7 +50,7 @@ It's important for a website like Privacy Guides to always stay up-to-date. We n
|
||||
|
||||
**Privacy Guides** is a non-profit, socially motivated website that provides information for protecting your data security and privacy.
|
||||
|
||||
We do not make money from recommending certain products, and we do not utilize affiliate links.
|
||||
We do not make money from recommending certain products, and we do not use affiliate links.
|
||||
<div class="grid cards" style="margin:auto;max-width:800px;text-align:center;" markdown>
|
||||
|
||||
- [:material-information-outline: Learn More About Us](about/)
|
||||
|
@ -6,7 +6,7 @@ icon: pg/qubes-os
|
||||
|
||||
![Qubes OS logo](assets/img/qubes/qubes_os.svg){ align=right }
|
||||
|
||||
**Qubes OS** is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers.
|
||||
**Qubes OS** is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and use most of the Linux drivers.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.qubes-os.org/){ .md-button .md-button--primary }
|
||||
[:pg-tor:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title=Onion }
|
||||
@ -16,4 +16,4 @@ icon: pg/qubes-os
|
||||
|
||||
!!! info
|
||||
|
||||
This page is a work-in-progress. Expect more thorough information on Qubes OS in the future.
|
||||
This page is a work-in-progress. Expect more thorough information on Qubes OS in the future.
|
||||
|
@ -77,7 +77,7 @@ The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matr
|
||||
|
||||
**Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
|
||||
|
||||
Session utilizes the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
|
||||
Session uses the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
|
||||
|
||||
[:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
@ -178,7 +178,7 @@ When self-hosted, members of a federated server can discover and communicate wit
|
||||
- Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.
|
||||
- Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.
|
||||
- Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
|
||||
- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.
|
||||
- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is used.
|
||||
- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with members of those servers.
|
||||
|
||||
### Peer-to-Peer Networks
|
||||
|
@ -279,7 +279,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
|
||||
|
||||
??? info "Operating System Disk Encryption"
|
||||
|
||||
For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically utilize hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
|
||||
For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
|
||||
|
||||
[Learn more :hero-arrow-circle-right-fill:](encryption.md##operating-system-included-full-disk-encryption-fde)
|
||||
|
||||
|
@ -66,7 +66,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? check "WireGuard Support"
|
||||
|
||||
Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that utilizes state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
|
||||
|
||||
@ -119,7 +119,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? check "WireGuard Support"
|
||||
|
||||
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that utilizes state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
|
||||
@ -181,7 +181,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
|
||||
|
||||
??? check "WireGuard Support"
|
||||
|
||||
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that utilizes state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
|
||||
|
||||
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
|
||||
|
||||
|
@ -7,7 +7,7 @@ site_description: |
|
||||
Privacy Guides is your central privacy and security resource to protect yourself online.
|
||||
copyright: |
|
||||
<b>Privacy Guides</b> is a non-profit, socially motivated website that provides information for protecting your data security and privacy.<br>
|
||||
We do not make money from recommending certain products, and we do not utilize affiliate links.<br>
|
||||
We do not make money from recommending certain products, and we do not use affiliate links.<br>
|
||||
This content was made available by the Privacy Guides team and contributors. <a href="https://github.com/privacyguides/privacyguides">Get involved</a>!
|
||||
|
||||
extra:
|
||||
|
Loading…
Reference in New Issue
Block a user