From 313696132abacabdd6248e42db5def4ca4f0898f Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Sun, 24 Apr 2022 13:45:20 +0000 Subject: [PATCH] Reduce the number of admonitions across the site (#1092) Signed-off-by: Daniel Gray --- docs/browsers.en.md | 14 ++++---------- docs/cloud.en.md | 9 +++++---- docs/dns.en.md | 4 ++-- docs/email-clients.en.md | 11 ++++++----- docs/encryption.en.md | 14 +++++++------- docs/metadata-removal-tools.en.md | 15 ++++++--------- docs/multi-factor-authentication.en.md | 10 +++++----- docs/notebooks.en.md | 4 +--- docs/passwords.en.md | 4 +--- docs/router.en.md | 5 ++--- docs/search-engines.en.md | 12 +++--------- docs/setup/integrating-metadata-removal.en.md | 3 +-- docs/vpn.en.md | 4 ++-- 13 files changed, 45 insertions(+), 64 deletions(-) diff --git a/docs/browsers.en.md b/docs/browsers.en.md index 97720909..bfe64c0c 100644 --- a/docs/browsers.en.md +++ b/docs/browsers.en.md @@ -8,8 +8,6 @@ These are our current web browser recommendations and settings. We recommend kee ### Tor Browser -!!! anonyimity "This product provides anonymity" - !!! recommendation ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right } @@ -64,10 +62,9 @@ These options can be found in the *Privacy & Security* settings page ( :material ##### Sanitize on Close -- Select **Delete cookies and site data when Firefox is closed** +If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data** β†’ **Manage Exceptions...** -!!! note - You can still stay logged into websites by allowing exceptions (**Cookies and Site Data** β†’ **Manage Exceptions...**) +- Select **Delete cookies and site data when Firefox is closed** ##### Disable Search Suggestions @@ -75,8 +72,7 @@ These options can be found in the *Privacy & Security* settings page ( :material - Clear **Suggestions from sponsors** - Clear **Improve the Firefox Suggest experience** -!!! note - Search suggestion features may not be available in your region. +Search suggestion features may not be available in your region. ##### Disable Telemetry @@ -249,8 +245,6 @@ There is also [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html [Visit tosdr.org](https://tosdr.org){ .md-button .md-button--primary } [Privacy Policy](https://addons.mozilla.org/firefox/addon/terms-of-service-didnt-read/privacy){ .md-button } -!!! note - - We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website. +We do not recommend installing ToS;DR as a browser extension. The same information is provided on their website. --8<-- "includes/abbreviations.en.md" diff --git a/docs/cloud.en.md b/docs/cloud.en.md index da02728f..71707a6d 100644 --- a/docs/cloud.en.md +++ b/docs/cloud.en.md @@ -68,6 +68,11 @@ When using a web client, you are placing trust in the server to send you proper ### Tahoe-LAFS +!!! note + + Due to the complexity of the system and the amount of nodes needed to set it up, Tahoe-LAFS is only recommended for seasoned system administrators. + + !!! recommendation ![Tahoe-LAFS logo](./assets/img/cloud/tahoe-lafs.svg#only-light){ align=right } @@ -85,8 +90,4 @@ When using a web client, you are placing trust in the server to send you proper - [:pg-netbsd: NetBSD](https://pkgsrc.se/filesystems/tahoe-lafs) - [:fontawesome-brands-git: Source](https://www.tahoe-lafs.org/trac/tahoe-lafs/browser) -!!! note - - Due to the complexity of the system and the amount of nodes needed to set it up, Tahoe-LAFS is only recommended for seasoned system administrators. - --8<-- "includes/abbreviations.en.md" diff --git a/docs/dns.en.md b/docs/dns.en.md index 1c8b5e8e..7e08b091 100644 --- a/docs/dns.en.md +++ b/docs/dns.en.md @@ -116,12 +116,12 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](te **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](technology/dns.md#dnscrypt), [DNS-over-HTTPS](technology/dns.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). + !!! warning "The anonymized DNS feature does [**not**](technology/dns.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." + [Visit github.com](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .md-button .md-button--primary } [Privacy Policy](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .md-button } ??? downloads - [:fontawesome-brands-github: Source](https://github.com/DNSCrypt/dnscrypt-proxy) -!!! warning "The anonymized DNS feature does [**not**](technology/dns.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." - --8<-- "includes/abbreviations.en.md" diff --git a/docs/email-clients.en.md b/docs/email-clients.en.md index dd4493f0..dcab38c6 100644 --- a/docs/email-clients.en.md +++ b/docs/email-clients.en.md @@ -5,11 +5,12 @@ icon: material/email-open Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](multi-factor-authentication) and prevent account theft. ??? Attention "Email does not provide forward secrecy" + When using end-to-end encryption (E2EE) technology like [OpenPGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy), email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email. OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](email.md#email-encryption-overview). Consider using a medium that provides forward secrecy: - [Real-time Communication](real-time-communication.md){ .md-button .md-button--primary } + [Real-time Communication](real-time-communication.md){ .md-button } ### Thunderbird @@ -31,6 +32,10 @@ Our recommendation list contains email clients that support both [OpenPGP](encry ### Apple Mail +!!! note + + For iOS devices we suggest [Canary Mail](#canary-mail) as it has PGP support which means you can send end-to-end encrypted email. + !!! recommendation ![Apple Mail logo](assets/img/email-clients/applemail.png){ align=right } @@ -39,10 +44,6 @@ Our recommendation list contains email clients that support both [OpenPGP](encry [Visit apple.com](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } [Privacy Policy](https://www.apple.com/legal/privacy/en-ww/){ .md-button } -!!! note - - For iOS devices we suggest [Canary Mail](#canary-mail) as it has PGP support which means you can send end-to-end encrypted email. - ### GNOME Evolution !!! recommendation diff --git a/docs/encryption.en.md b/docs/encryption.en.md index 72586840..ffd779c6 100644 --- a/docs/encryption.en.md +++ b/docs/encryption.en.md @@ -104,7 +104,7 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm | findstr "IsActivated IsEnabled IsOwned SpecVersion" ``` - 4. Access Windows 10 "Advanced Startup Options". (Press "reboot" while holding shift button). *Troubleshoot > Advanced Options > Command Prompt* + 4. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** β†’ **Advanced Options** β†’ **Command Prompt**. 5. Login with your account that has admin privileges and type this to start encryption: ``` @@ -157,7 +157,7 @@ We recommend storing a local recovery key in a secure place as opposed to utiliz udisksctl unlock -b /dev/loop0 ``` -!!! Warning "Remember to back up volume headers" +!!! note "Remember to back up volume headers" We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: @@ -225,7 +225,7 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h When encrypting with PGP, the user has the option to configure different options in their `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf). -??? tip "Use future defaults when generating a key" +!!! tip "Use future defaults when generating a key" When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/): @@ -268,6 +268,10 @@ When encrypting with PGP, the user has the option to configure different options ### GPG Suite +!!! note + + We suggest [Canary Mail](email-clients/#canary-mail) for using PGP with email on iOS devices. + !!! recommendation ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } @@ -283,10 +287,6 @@ When encrypting with PGP, the user has the option to configure different options - [:fontawesome-brands-apple: macOS](https://gpgtools.org) - [:fontawesome-brands-git: Source](https://github.com/GPGTools) -!!! note - - We suggest [Canary Mail](email-clients/#canary-mail) for using PGP with email on iOS devices. - ### OpenKeychain !!! recommendation diff --git a/docs/metadata-removal-tools.en.md b/docs/metadata-removal-tools.en.md index 8413bb9d..dd160ac9 100644 --- a/docs/metadata-removal-tools.en.md +++ b/docs/metadata-removal-tools.en.md @@ -76,12 +76,14 @@ When sharing files, be sure to remove associated metadata. Image files commonly - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/de.kaffeemitkoffein.imagepipe/) - [:fontawesome-brands-git: Source](https://codeberg.org/Starfish/Imagepipe) -!!! info - - Imagepipe is only available from F-Droid and not in Google Play. If you're looking for a paint app in Google Play we suggest [Pocket Paint](https://play.google.com/store/apps/details?id=org.catrobat.paintroid). +Imagepipe is only available from F-Droid and not in Google Play. If you're looking for a paint app in Google Play we suggest [Pocket Paint](https://play.google.com/store/apps/details?id=org.catrobat.paintroid). ### Metapho +!!! attention + + Metapho is closed source. We recommend it, due to the few choices there are for iOS devices. + !!! recommendation ![Metapho logo](assets/img/metadata-removal/metapho.jpg){ align=right } @@ -94,11 +96,6 @@ When sharing files, be sure to remove associated metadata. Image files commonly - [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/metapho/id914457352) -!!! attention - - Metapho is closed source. We recommend it, due to the few choices there are for iOS devices. - - ## Command-line ### ExifTool @@ -122,7 +119,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly - [:fontawesome-brands-github: Source](https://github.com/exiftool/exiftool) -??? example "Deleting data from a directory of files" +!!! example "Deleting data from a directory of files" ```bash exiftool -all= *.file_extension diff --git a/docs/multi-factor-authentication.en.md b/docs/multi-factor-authentication.en.md index 804a156e..571ded12 100644 --- a/docs/multi-factor-authentication.en.md +++ b/docs/multi-factor-authentication.en.md @@ -41,18 +41,18 @@ Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey. For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface. - The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes. - - The Nitrokey has an open source firmware, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable. - !!! warning While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. -!!! attention +!!! warning Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/factory-reset.html). + The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes. + + The Nitrokey has an open source firmware, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable. + !!! tip The Nitrokey app, while compatible with Librem Keys, requires `libnitrokey` version 3.6 or above to recognize them. Currently, the package is outdated on Windows, macOS, and most Linux distributions' repository, so you will likely have to compile the Nitrokey app yourself to get it working with the Librem Key. On Linux, you can obtain an up-to-date version from [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app). diff --git a/docs/notebooks.en.md b/docs/notebooks.en.md index a5ec3046..4952844e 100644 --- a/docs/notebooks.en.md +++ b/docs/notebooks.en.md @@ -31,9 +31,7 @@ If you are currently using an application like Evernote, Google Keep, or Microso - [:pg-f-droid: F-Droid](https://f-droid.org/en/packages/net.cozic.joplin) - [:fontawesome-brands-github: GitHub](https://github.com/laurent22/joplin) -!!! warning - - Joplin does not support password/pin protection for the [application itself or individual notes/notebooks](https://github.com/laurent22/joplin/issues/289). Data is still encrypted in transit and at the sync location using your master key. +Joplin does not support password/pin protection for the [application itself or individual notes/notebooks](https://github.com/laurent22/joplin/issues/289). Data is still encrypted in transit and at the sync location using your master key. ### Standard Notes diff --git a/docs/passwords.en.md b/docs/passwords.en.md index d81c0333..eca617ec 100644 --- a/docs/passwords.en.md +++ b/docs/passwords.en.md @@ -34,9 +34,7 @@ These password managers store the password database locally. - [:fontawesome-brands-chrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) - [:fontawesome-brands-github: Source](https://github.com/keepassxreboot/keepassxc) -!!! warning - - KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually. +KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually. ### KeePassDX diff --git a/docs/router.en.md b/docs/router.en.md index f0679480..55d59383 100644 --- a/docs/router.en.md +++ b/docs/router.en.md @@ -6,9 +6,6 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F ### OpenWrt -!!! note - Consult the [Table of Hardware](https://openwrt.org/toh/start) to check if your device is supported. - !!! recommendation ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ align=right } @@ -22,6 +19,8 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F - [:fontawesome-brands-git: Source](https://git.openwrt.org) +You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported. + ### pfSense !!! recommendation diff --git a/docs/search-engines.en.md b/docs/search-engines.en.md index ec458c3c..85b0c672 100644 --- a/docs/search-engines.en.md +++ b/docs/search-engines.en.md @@ -20,9 +20,7 @@ Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your thr [Visit duckduckgo.com](https://duckduckgo.com){ .md-button .md-button--primary } [:pg-tor:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .md-button } [Privacy Policy](https://duckduckgo.com/privacy){ .md-button } -!!! note - - DuckDuckGo is based in the πŸ‡ΊπŸ‡Έ US. Their [Privacy Policy](https://duckduckgo.com/privacy) states they do log your search query, but not your IP or any other identifying information. +DuckDuckGo is based in the :flag_us: US. Their [Privacy Policy](https://duckduckgo.com/privacy) states they **do** log your search query, but not your IP or any other identifying information. DuckDuckGo has a [lite](https://duckduckgo.com/lite) and [html](https://duckduckgo.com/html) only version, both of which [do not require JavaScript](https://help.duckduckgo.com/features/non-javascript) and can be used with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) (append [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version). @@ -36,9 +34,7 @@ DuckDuckGo has a [lite](https://duckduckgo.com/lite) and [html](https://duckduck [Visit startpage.com](https://www.startpage.com){ .md-button .md-button--primary } [Privacy Policy](https://www.startpage.com/en/privacy-policy){ .md-button } -!!! note - - Startpage is based in the πŸ‡³πŸ‡± Netherlands. According to their [Privacy Policy](https://www.startpage.com/en/privacy-policy/), they only log details such as: operating system, type of browser and language. They do not log your IP address, search queries or other identifying information. Startpage proxies Google Search so Google does have access to your search queries. +Startpage is based in the :flag_nl: Netherlands. According to their [Privacy Policy](https://www.startpage.com/en/privacy-policy/), they only log details such as: operating system, type of browser and language. They do not log your IP address, search queries or other identifying information. Startpage proxies Google Search so Google does have access to your search queries. Startpage's majority shareholder is System1 who is an adtech company. We don't think that is an issue as they have their own Privacy Policy. The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) for clarification and was satisfied by the answers we received. @@ -52,9 +48,7 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't t [Visit mojeek.com](https://www.mojeek.com){ .md-button .md-button--primary } [Privacy Policy](https://www.mojeek.com/about/privacy){ .md-button } -!!! note - - The company is based in the πŸ‡¬πŸ‡§ UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged. +The company is based in the :flag_gb: UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged. ### Searx diff --git a/docs/setup/integrating-metadata-removal.en.md b/docs/setup/integrating-metadata-removal.en.md index b0745891..81ffe304 100644 --- a/docs/setup/integrating-metadata-removal.en.md +++ b/docs/setup/integrating-metadata-removal.en.md @@ -7,8 +7,7 @@ When sharing files, it's important to remove associated metadata. Image files co While there are plenty of metadata removal tools, they typically aren't convenient to use. The guides featured here aim to detail how to integrate metadata removal tools in a simple fashion by utilizing easy-to-access system features. -!!! tip "Related" - For a list of the metadata removal tools that we recommend, visit our [metadata removal tools](../metadata-removal-tools.md) page. +- [Recommended metadata removal tools :material-arrow-right:](../metadata-removal-tools.md) ## macOS diff --git a/docs/vpn.en.md b/docs/vpn.en.md index 62b04714..f8430938 100644 --- a/docs/vpn.en.md +++ b/docs/vpn.en.md @@ -15,7 +15,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button } -??? info "When are VPNs useful?" +??? question "When are VPNs useful?" If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. @@ -23,7 +23,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ## Recommended Providers -!!! example "Criteria" +!!! summary "Criteria" Our recommended providers are outside the US, use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information.