DNSCloak - An open-source DNSCrypt and DoH client for iOS by the Center for the Cultivation of Technology gemeinnuetzige GmbH.
- Nebulo - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.
-
-
- Local DNS servers:
-
- - Stubby - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.
- - Unbound - a validating, recursive, caching DNS resolver. It can also be ran network-wide and has supported DNS-over-TLS since version 1.7.3.
-
-
-
- Network wide DNS servers:
-
- - Pi-hole - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.
- - NoTrack - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.
-
-
- Further reading:
-
-
-
diff --git a/_includes/sections/email-clients.html b/_includes/sections/email-clients.html
index f1f8f814..339b45be 100644
--- a/_includes/sections/email-clients.html
+++ b/_includes/sections/email-clients.html
@@ -3,7 +3,7 @@
{% include cardv2.html
title="Thunderbird"
image="/assets/img/tools/Thunderbird.png"
-description="Thunderbird is a free, open source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by community, previously by the Mozilla Foundation."
+description="Thunderbird is a free, open source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by the Thunderbird community, and previously by the Mozilla Foundation."
website="https://www.thunderbird.net/"
forum="https://forum.privacytools.io/t/discussion-thunderbird/659"
source="https://hg.mozilla.org/comm-central/"
diff --git a/_includes/sections/email-providers.html b/_includes/sections/email-providers.html
index 94ad17e6..a972a14d 100644
--- a/_includes/sections/email-providers.html
+++ b/_includes/sections/email-providers.html
@@ -285,13 +285,3 @@
Take it a step further and get control of your email with this easy-to-deploy mail server in a box. Mail-in-a-Box lets you become your own mail service provider in a few easy steps. It's sort of like making your own Gmail, but one you control from top
to bottom. Technically, Mail-in-a-Box turns a fresh cloud computer into a working mail server. But you don't need to be a technology expert to set it up. More: https://mailinabox.email/
-
-Related Information
-
-
- - Aging 'Privacy' Law Leaves Cloud E-Mail Open to Cops - Data stored in the cloud for longer than 6 months is considered abandoned and may be accessed by intelligence agencies without
- a warrant. Learning: Use an external email client like Thunderbird or Enigmail, download your emails and store them locally. Never leave them on the server.
- - With May First/Riseup Server Seizure, FBI Overreaches Yet Again
- - Autistici/Inventati server compromised - The cryptographic services offered by the Autistici/Inventati server have been compromised on 15th June 2004. It was discovered on 21st June 2005. One year
- later. During an enquiry on a single mailbox, the Postal Police may have tapped for a whole year every user's private communication going through the server autistici.org/inventati.org.
-
diff --git a/_includes/sections/file-encryption.html b/_includes/sections/file-encryption.html
index e39d747c..8015bf29 100644
--- a/_includes/sections/file-encryption.html
+++ b/_includes/sections/file-encryption.html
@@ -53,8 +53,8 @@
Worth Mentioning
- - Cryptomator - Free client-side AES encryption for your cloud files. Open source software: No backdoors, no registration.
+ - Cryptomator - Free client-side AES encryption for your cloud files. Open source software: No backdoors, no registration.
- Linux Unified Key Setup (LUKS) - A full disk encryption system for Linux using dm-crypt as the disk encryption backend. Included by default in Ubuntu. Available for Windows and Linux.
- - Hat.sh - A cross-platform, serverless JavaScript web application that provides secure file encryption using the AES-256-GCM algorithm in your browser. It can also be downloaded and run offline.
+ - Hat.sh - A cross-platform, serverless JavaScript web application that provides secure file encryption using the AES-256-GCM algorithm in your browser. It can also be downloaded and run offline.
- Keka - A macOS-only, open-source file archiver with the ability to encrypt files.
diff --git a/_includes/sections/file-sharing.html b/_includes/sections/file-sharing.html
index 35660d75..f2a9df75 100644
--- a/_includes/sections/file-sharing.html
+++ b/_includes/sections/file-sharing.html
@@ -4,7 +4,7 @@
title="Firefox Send"
image="/assets/img/tools/Firefox-Send.png"
website="https://send.firefox.com/"
-description="Firefox Send uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened. It also offers security controls that you can set. You can choose when your file link expires, the number of downloads, and whether to add an optional password for an extra layer of security."
+description="Firefox Send uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened. It also offers security controls that you can set. You can choose when your file link expires, the number of downloads, and whether you would like to add a password for an extra layer of security."
forum="https://forum.privacytools.io/t/discussion-firefox-send/755"
github="https://github.com/mozilla/send"
web="https://send.firefox.com/"
diff --git a/_includes/sections/file-sync.html b/_includes/sections/file-sync.html
index 6dea5561..4ed98463 100644
--- a/_includes/sections/file-sync.html
+++ b/_includes/sections/file-sync.html
@@ -9,7 +9,7 @@
include cardv2.html
title="Syncthing"
image="/assets/img/tools/Syncthing.png"
- description="Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third-party and how it's transmitted over the Internet."
+ description="Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third-party, and how it is transmitted over the Internet."
website="https://syncthing.net/"
forum="https://forum.privacytools.io/t/discussion-syncthing/1627/2"
github="https://github.com/syncthing?type=source"
@@ -24,7 +24,7 @@
include cardv2.html
title="SparkleShare"
image="/assets/img/tools/SparkleShare.png"
- description="SparkleShare creates a special folder on your computer. You can add remotely hosted folders (or \"projects\") to this folder. These projects will be automatically kept in sync with both the host and all of your peers when someone adds, removes or edits a file."
+ description="SparkleShare creates a special folder on your computer. You can add remotely hosted folders (or \"projects\") to this folder. These projects will be automatically kept in sync with both the host and all of your peers when someone adds, removes, or edits a file."
website="https://sparkleshare.org/"
forum="https://forum.privacytools.io/t/discussion-sparkleshare/1626"
github="https://github.com/hbons/SparkleShare"
@@ -36,7 +36,6 @@
-
- git-annex - Allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle,
- whether due to limitations in memory, time, or disk space.
+ git-annex - Allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space.
diff --git a/_includes/sections/instant-messenger.html b/_includes/sections/instant-messenger.html
index 7a67e563..1fab983e 100644
--- a/_includes/sections/instant-messenger.html
+++ b/_includes/sections/instant-messenger.html
@@ -1,33 +1,31 @@
- Encrypted Instant Messenger
+ Encrypted Instant Messengers
-
- We only recommend instant messenger programs or apps that support end-to-end encryption (E2EE). When E2EE is used, all transmissions (messages, voice, video, etc.) are encrypted before they are sent from your device. E2EE protects both the authenticity and confidentiality of the transmission as they pass through any part of the network (servers, etc.).
+ We only recommend instant messenger programs or apps that support end-to-end encryption (E2EE). When E2EE is used, all transmissions (messages, voice, video, etc.) are encrypted before they are sent from your device. E2EE protects both the authenticity and confidentiality of the transmission as they pass through any part of the network (servers, etc.).
- All the client programs/apps we chose are free and open-source software unless otherwise mentioned. This to ensure that the code can be independently verified by experts now and in the future.
+ All the client programs/apps we chose are free and open-source software unless otherwise mentioned. This to ensure that the code can be independently verified by experts now and in the future.
- We have described the three main types of messaging programs that exist: Centralized, Federated and Peer-to-Peer (P2P), with the advantages and disadvantages of each.
+ We have described the three main types of messaging programs that exist: Centralized, Federated and Peer-to-Peer (P2P), with the advantages and disadvantages of each.
- Centralized
+ Centralized
- Centralized messengers are those where every participant is on the same server or network of servers controlled by the same organization.
+ Centralized messengers are those where every participant is on the same server or network of servers controlled by the same organization.
- Advantages
+ Advantages
+
+ - New features and changes can be implemented more quickly.
+ - Easier to get started with and to find contacts.
+
+
+ Disadvantages
+
+ - Centralized services could be more susceptible to legislation requiring backdoor access.
+ - Can include restricted control or access. This can include things like:
- - New features and changes can be implemented more quickly.
- - Easier to get started with and to find contacts.
+ - Being forbidden from connecting third-party clients to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.
+ - Poor or no documentation for third-party developers.
-
- Disadvantages
-
-
+ The ownership, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
+
If you are currently using an Instant Messenger like Telegram, LINE, Viber, WhatsApp, or plain SMS, you should pick an alternative here.
@@ -125,7 +123,6 @@
Other OMEMO capable clients for XMPP.
Kontalk is a community-driven instant messaging network based on XMPP.
-
Peer to Peer (P2P)
@@ -194,71 +191,9 @@
linux="https://tox.chat/download.html#oses"
%}
-
- Worth Mentioning
+ Worth Mentioning
-
-
-
-
-
-
- Recent news about breaking E2EE on centralized instant messengers
-
-
- November 2019
-
-
- October 2019
-
-
- August 2019
-
-
- July 2019
-
-
- May 2019
-
-
- January 2019
-
-
- December 2018
-
-
- Complete Comparison
-
-
- Independent security audits
-
-
+
diff --git a/_includes/sections/live-operating-systems.html b/_includes/sections/live-operating-systems.html
index bf238f36..054fe914 100644
--- a/_includes/sections/live-operating-systems.html
+++ b/_includes/sections/live-operating-systems.html
@@ -3,7 +3,7 @@
{% include cardv2.html
title="Tails"
image="/assets/img/tools/Tails.png"
-description='Tails is a live operating system that starts on almost any computer from a DVD, USB stick, or SD card. It aims at preserving privacy and anonymity, and circumventing censorship by forcing Internet connections through the Tor network; leaving no trace on the computer; and using state-of-the-art cryptographic tools to encrypt files, emails, and instant messages.'
+description='Tails is a live operating system that can boot on almost any computer from a DVD, USB stick, or SD card you control. It aims at preserving privacy and anonymity, and circumventing censorship by forcing Internet connections through the Tor network; leaving no trace on the computer; and using state-of-the-art cryptographic tools to encrypt files, emails, and instant messages.'
badges="info:GNU/Linux"
labels="warning:contrib:This software may depend on or recommend non-free software."
website="https://tails.boum.org/"
diff --git a/_includes/sections/mobile-operating-systems.html b/_includes/sections/mobile-operating-systems.html
index b48024e7..b55ed78d 100644
--- a/_includes/sections/mobile-operating-systems.html
+++ b/_includes/sections/mobile-operating-systems.html
@@ -1,7 +1,7 @@
Mobile Operating Systems
- Even though the source code of the following OS is provided, installing Google Apps may compromise your setup.
+ Even though the source code of the following operating systems is provided, installing Google Apps may compromise your setup.
{% include cardv2.html
diff --git a/_includes/sections/notebooks.html b/_includes/sections/notebooks.html
index 9ebd9de3..6b9daaa2 100644
--- a/_includes/sections/notebooks.html
+++ b/_includes/sections/notebooks.html
@@ -24,7 +24,7 @@ chrome="https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmk
{% include cardv2.html
title="Standard Notes"
image="/assets/img/tools/StandardNotes.png"
-description='Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. Features end-to-end encryption on every platform, and a powerful desktop experience with themes and custom editors. It has also been independently audited (PDF).'
+description='Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features end-to-end encryption on every platform, and a powerful desktop experience with themes and custom editors. It has also been independently audited (PDF).'
website="https://standardnotes.org/"
github="https://github.com/standardnotes"
windows="https://standardnotes.org/#get-started"
diff --git a/_includes/sections/operating-systems.html b/_includes/sections/operating-systems.html
index d2ebf4cf..6d51909a 100644
--- a/_includes/sections/operating-systems.html
+++ b/_includes/sections/operating-systems.html
@@ -45,38 +45,3 @@ gitlab="https://salsa.debian.org/qa/debsources"
Whonix GNU/Linux - A Debian-based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation"
and a Tor "Gateway". All communication are forced through the Tor network to accomplish this.
-
-Warning
-
-
-
-Remember to check CPU vulnerability mitigations
-
-This also affects Windows 10, but it doesn't expose this information or mitigation instructions as easily. MacOS users check How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on Apple Support.
-
-When running a recent enough Linux kernel, you can check the CPU vulnerabilities it detects by tail -n +1 /sys/devices/system/cpu/vulnerabilities/* . By using tail -n +1 instead of cat , the file names are also visible.
-
-
- In case you have an Intel CPU, you may notice "SMT vulnerable" display after running the tail command. To mitigate this, disable hyper-threading from the UEFI/BIOS. You can also take the following mitigation steps below if your system/distribution uses GRUB and supports /etc/default/grub.d/ :
-
-
-
- sudo mkdir /etc/default/grub.d/ to create a directory for additional grub configuration
- echo GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT l1tf=full,force mds=full,nosmt mitigations=auto,nosmt nosmt=force" | sudo tee /etc/default/grub.d/mitigations.cfg to create a new grub config file source with the echoed content
- sudo grub-mkconfig -o /boot/grub/grub.cfg to generate a new grub config file including these new kernel boot flags
- sudo reboot to reboot
- - after the reboot, check
tail -n +1 /sys/devices/system/cpu/vulnerabilities/* again to see that everything referring to SMT now says "SMT disabled."
-
-
-Further reading
-
-
diff --git a/_includes/sections/password-managers.html b/_includes/sections/password-managers.html
index 92c1f385..e22e16a3 100644
--- a/_includes/sections/password-managers.html
+++ b/_includes/sections/password-managers.html
@@ -82,9 +82,3 @@
Password Safe - Whether the answer is one or hundreds, Password Safe allows you to safely and easily create a secured and encrypted username/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire username/password list.
-
-Related Information
-
-
diff --git a/_includes/sections/search-engines.html b/_includes/sections/search-engines.html
index 9d6bd685..d7fa9534 100644
--- a/_includes/sections/search-engines.html
+++ b/_includes/sections/search-engines.html
@@ -46,8 +46,8 @@ github="https://github.com/Qwant/"
Worth Mentioning
- - YaCy - A free-software P2P search engine powered by its users.
- - Jive Search - A free-software search engine with a similar look and feel to Google.
+ - YaCy - A free-software P2P search engine powered by its users.
+ - Jive Search - A free-software search engine with a similar look and feel to Google.
- MetaGer - An open-source metasearch engine, which is based in Germany. It focuses on protecting the user's privacy.
- Mojeek - Independent and unbiased search results with no user tracking.
diff --git a/_includes/sections/self-contained-networks.html b/_includes/sections/self-contained-networks.html
index 4ca68482..719b7940 100644
--- a/_includes/sections/self-contained-networks.html
+++ b/_includes/sections/self-contained-networks.html
@@ -58,12 +58,6 @@ netbsd="https://freenetproject.org/pages/download.html#gnulinux-posix"
github="https://github.com/freenet/"
%}
-Related Information
-
-
-
Worth Mentioning
diff --git a/_includes/sections/selfhosted-cloud.html b/_includes/sections/selfhosted-cloud.html
index 91214b93..6348cf8d 100644
--- a/_includes/sections/selfhosted-cloud.html
+++ b/_includes/sections/selfhosted-cloud.html
@@ -7,7 +7,7 @@
{% include cardv2.html
title="Nextcloud"
image="/assets/img/provider/Nextcloud.png"
-description="Nextcloud is similar in functionality to the widely used Dropbox, with the difference being that Nextcloud is free and open-source, thereby allowing anyone to install and operate it without charge on a private server with no limits on storage space or the number of connected clients."
+description="Nextcloud is a suite of client-server software for creating your own file hosting services on a private server you control. Nextcloud is free and open-source, and supports end-to-end encryption with many of its clients. The only limits on storage and bandwidth are the limits on the server provider you choose."
website="https://nextcloud.com/"
forum="https://forum.privacytools.io/t/discussion-nextcloud/287"
windows="https://nextcloud.com/install/#install-clients"
diff --git a/_includes/sections/social-networks.html b/_includes/sections/social-networks.html
index 8bd20aa2..bdbe18c8 100644
--- a/_includes/sections/social-networks.html
+++ b/_includes/sections/social-networks.html
@@ -1,13 +1,13 @@
Decentralized Social Networks
- If you are currently using Social Networks like Facebook or Twitter, you should pick an alternative here.
+ If you are currently using Social Networks like Facebook or Twitter, you should pick an alternative here.
{% include cardv2.html
title="Mastodon - Twitter Alternative"
image="/assets/img/tools/Mastodon.png"
-description='Mastodon is a social network based on open web protocols and free, open-source software. It is decentralized like email. It also has the most users, and the most diverse (in terms of interests) users; looks good; and is easy to setup. Feel welcome to join our hosted instance: social.privacytools.io'
+description='Mastodon is a social network based on open web protocols and free, open-source software. It is decentralized like email, users can exist on different servers or even different platforms but still communicate with each other. It also has the most users, and the most diverse (in terms of interests) users, it looks good, and it is easy to setup yourself. If you are looking for a server to join, you are welcome to join our hosted instance: social.privacytools.io'
website="https://joinmastodon.org/"
forum="https://forum.privacytools.io/t/discussion-mastodon/289"
github="https://github.com/tootsuite/mastodon"
@@ -26,7 +26,7 @@ web="https://joinmastodon.org/#getting-started"
{% include cardv2.html
title="diaspora* - Google+ Alternative"
image="/assets/img/tools/diaspora.png"
-description="diaspora* is based on three key philosophies: Decentralization, freedom and privacy. It is intended to address privacy concerns related to centralized social networks by allowing users set up their own server (or \"pod\") to host content; pods can then interact to share status updates, photographs, and other social data."
+description="diaspora* is based on three key philosophies: Decentralization, Freedom, and Privacy. It is intended to address privacy concerns related to centralized social networks by allowing users set up their own server (or \"pod\") to host content. Pods can then interact to share status updates, photographs, and other social data."
website="https://diasporafoundation.org/"
forum="https://forum.privacytools.io/t/discussion-diaspora/290"
github="https://github.com/diaspora/diaspora"
@@ -51,7 +51,7 @@ web="https://friendi.ca/"
{% include cardv2.html
title="PixelFed - Instagram Alternative"
image="/assets/img/provider/pixelfed.png"
-description='PixelFed is a free and ethical photo sharing platform, powered by ActivityPub federation. Pixelfed is an open-source, federated platform. You can run your own instance or join one.'
+description='PixelFed is a free and ethical photo sharing platform, powered by ActivityPub federation. Pixelfed is an open-source, federated platform. You can run your own instance or join an existing one.'
website="https://pixelfed.org/"
forum="https://forum.privacytools.io/t/discussion-pixelfed/293"
github="https://github.com/pixelfed"
@@ -73,18 +73,3 @@ web="https://gnu.io/social/"
- Minds - An open-source and distributed social networking service, integrating the blockchain to reward the community.
- Movim - A federated social platform that relies on the XMPP standard and therefore allows you to exchange with many other clients on all devices.
-
-Related Information
-
- - Mastodon: Simplified Federation - Firefox Extension to improve usability for remote Mastodon instances.
- - JustDeleteMe - A directory of direct links to delete your account from web services.
- - Forget - A service that automatically deletes your old posts on Twitter and Mastodon that everyone has forgotten about.
-
-
-Facebook Related
-
diff --git a/pages/os.html b/pages/os.html
index 924ebc33..08d138da 100644
--- a/pages/os.html
+++ b/pages/os.html
@@ -7,6 +7,41 @@ description: "Even your own computer could be compromising your privacy. Discove
{% include sections/operating-systems.html %}
+Warning
+
+
+
+Remember to check CPU vulnerability mitigations
+
+This also affects Windows 10, but it doesn't expose this information or mitigation instructions as easily. MacOS users check How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on Apple Support.
+
+When running a recent enough Linux kernel, you can check the CPU vulnerabilities it detects by tail -n +1 /sys/devices/system/cpu/vulnerabilities/* . By using tail -n +1 instead of cat , the file names are also visible.
+
+
+ In case you have an Intel CPU, you may notice "SMT vulnerable" display after running the tail command. To mitigate this, disable hyper-threading from the UEFI/BIOS. You can also take the following mitigation steps below if your system/distribution uses GRUB and supports /etc/default/grub.d/ :
+
+
+
+ sudo mkdir /etc/default/grub.d/ to create a directory for additional grub configuration
+ echo GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT l1tf=full,force mds=full,nosmt mitigations=auto,nosmt nosmt=force" | sudo tee /etc/default/grub.d/mitigations.cfg to create a new grub config file source with the echoed content
+ sudo grub-mkconfig -o /boot/grub/grub.cfg to generate a new grub config file including these new kernel boot flags
+ sudo reboot to reboot
+ - after the reboot, check
tail -n +1 /sys/devices/system/cpu/vulnerabilities/* again to see that everything referring to SMT now says "SMT disabled."
+
+
+Further reading
+
+
+
{% include sections/live-operating-systems.html %}
{% include sections/mobile-operating-systems.html %}
diff --git a/pages/providers/dns.html b/pages/providers/dns.html
index cf1aa1e8..546f2319 100644
--- a/pages/providers/dns.html
+++ b/pages/providers/dns.html
@@ -6,3 +6,82 @@ description: "Don't let Google see all your DNS traffic. Discover privacy-centri
---
{% include sections/dns.html %}
+
+Terms
+
+
+ - DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls. DoT has two modes:
+
+ - Oppurtunistic mode: the client attempts to form a DNS-over-TLS connection to the server on port 853 without performing certificate validation. If it fails, it will use unencrypted DNS.
+ - Strict mode: the client connects to a specific hostname and performs certificate validation for it. If it fails, no DNS queries are made until it succeeds.
+
+ - DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
+ - DNSCrypt - An older yet robust method of encrypting DNS.
+
+
+How to verify DNS is encrypted
+
+
+ - DoH / DoT
+
+ - Check DNSLeakTest.com.
+ - Check the website of your DNS provider. They may have a page for telling "you are using our DNS." Examples include AdGuard and Cloudflare.
+ - If using Firefox's trusted recursive resolver (TRR), navigate to
about:networking#dns . If the TRR column says "true" for some fields, you are using DoH.
+
+
+ - dnscrypt-proxy - Check dnscrypt-proxy's wiki on how to verify that your DNS is encrypted.
+ - DNSSEC - Check DNSSEC Resolver Test by Matthäus Wander.
+ - QNAME Minimization - Run
dig +short txt qnamemintest.internet.nl from the command-line (taken from this NLnet Labs presentation). If you are on Windows 10, run Resolve-DnsName -Type TXT -Name qnamemintest.internet.nl from the PowerShell. You should see this display: "HOORAY - QNAME minimisation is enabled on your resolver :)!"
+
+
+Software suggestions and Additional Information
+
+
+ - Encrypted DNS clients for desktop:
+
+ - Firefox comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. Currently Mozilla is conducting studies before enabling DoH by default for all US-based Firefox users.
+
+ - DNS over HTTPS can be enabled in Menu -> Preferences (
about:preferences ) -> Network Settings -> Enable DNS over HTTPS. Set "Use Provider" to "Custom", and enter your DoH provider's address.
+ - Advanced users may enable it in
about:config by setting network.trr.custom_uri and network.trr.uri as the address you find from the documentation of your DoH provider and network.trr.mode as 2 . It may also be desirable to set network.security.esni.enabled to True in order to enable encrypted SNI and make sites supporting ESNI a bit more difficult to track.
+
+
+
+ - Encrypted DNS clients for mobile:
+
+ - Android 9 comes with a DoT client by default.
+
+ - We recommend selecting Private DNS provider hostname and entering the DoT address from documentation of your DoT provider to enable strict mode (see Terms above).
+
+ - DNSCloak - An open-source DNSCrypt and DoH client for iOS by
the Center for the Cultivation of Technology gemeinnuetzige GmbH.
+ - Nebulo - An open-source application for Android supporting DoH and DoT. It also supports caching DNS responses and locally logging DNS queries.
+
+
+ - Local DNS servers:
+
+ - Stubby - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.
+ - Unbound - a validating, recursive, caching DNS resolver. It can also be ran network-wide and has supported DNS-over-TLS since version 1.7.3.
+
+
+
+ - Network wide DNS servers:
+
+ - Pi-hole - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.
+ - NoTrack - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.
+
+
+ - Further reading:
+
+
+
diff --git a/pages/providers/email.html b/pages/providers/email.html
index 83a821a0..974e0018 100644
--- a/pages/providers/email.html
+++ b/pages/providers/email.html
@@ -15,3 +15,13 @@ description: "Find a secure email provider that will keep your privacy in mind.
{% include sections/email-providers.html %}
+
+Related Information
+
+
+ - Aging 'Privacy' Law Leaves Cloud E-Mail Open to Cops - Data stored in the cloud for longer than 6 months is considered abandoned and may be accessed by intelligence agencies without
+ a warrant. Learning: Use an external email client like Thunderbird or Enigmail, download your emails and store them locally. Never leave them on the server.
+ - With May First/Riseup Server Seizure, FBI Overreaches Yet Again
+ - Autistici/Inventati server compromised - The cryptographic services offered by the Autistici/Inventati server have been compromised on 15th June 2004. It was discovered on 21st June 2005. One year
+ later. During an enquiry on a single mailbox, the Postal Police may have tapped for a whole year every user's private communication going through the server autistici.org/inventati.org.
+
diff --git a/pages/providers/social-networks.html b/pages/providers/social-networks.html
index b9ef5d77..744363c9 100644
--- a/pages/providers/social-networks.html
+++ b/pages/providers/social-networks.html
@@ -6,3 +6,18 @@ description: "Find a social network that doesn't pry into your data or monetize
---
{% include sections/social-networks.html %}
+
+Related Information
+
+ - Mastodon: Simplified Federation - Firefox Extension to improve usability for remote Mastodon instances.
+ - JustDeleteMe - A directory of direct links to delete your account from web services.
+ - Forget - A service that automatically deletes your old posts on Twitter and Mastodon that everyone has forgotten about.
+
+
+Facebook Related
+
diff --git a/pages/software/networks.html b/pages/software/networks.html
index 882cbbb7..aa86cb7f 100644
--- a/pages/software/networks.html
+++ b/pages/software/networks.html
@@ -7,3 +7,9 @@ hidedesc: true
---
{% include sections/self-contained-networks.html %}
+
+Related Information
+
+
diff --git a/pages/software/passwords.html b/pages/software/passwords.html
index eeed2e5f..8fecd68e 100644
--- a/pages/software/passwords.html
+++ b/pages/software/passwords.html
@@ -6,3 +6,9 @@ description: "Stay safe and secure online with an encrypted and open-source pass
---
{% include sections/password-managers.html %}
+
+Related Information
+
+
diff --git a/pages/software/real-time-communication.html b/pages/software/real-time-communication.html
index 9a28ab8b..d027bae2 100644
--- a/pages/software/real-time-communication.html
+++ b/pages/software/real-time-communication.html
@@ -7,6 +7,66 @@ description: "Discover secure and private ways to communicate with others online
{% include sections/instant-messenger.html %}
+
+
+
+
+ Recent news about breaking E2EE on centralized instant messengers
+
+
+November 2019
+
+
+October 2019
+
+
+August 2019
+
+
+July 2019
+
+
+May 2019
+
+
+January 2019
+
+
+December 2018
+
+
+Complete Comparison
+
+
+Independent security audits
+
+
{% include sections/voice-video-messenger.html %}
| |