From 31b89aa9b0d6ad18c3cdafd4972cdac0990d2e00 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Tue, 3 Dec 2024 02:12:17 -0600 Subject: [PATCH 1/7] docs: Link to our shiny, new donations page (#2828) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> --- .github/CODEOWNERS | 59 +++++++++++++++++++++++++++----------------- docs/about.md | 2 +- docs/about/donate.md | 17 +++++++------ docs/about/jobs.md | 2 +- docs/index.md | 2 +- mkdocs.yml | 2 +- theme/main.html | 4 +-- 7 files changed, 53 insertions(+), 35 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index c2529d26..cd2ffc0e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,4 +1,30 @@ +# Org + +/docs/about/ @jonaharagon +CODE_OF_CONDUCT.md @jonaharagon +CITATION.cff @jonaharagon +LICENSE @jonaharagon @dngray +LICENSE-CODE @jonaharagon +README.md @jonaharagon @dngray + +# Config + +/mkdocs.yml @jonaharagon +/mkdocs.blog.yml @jonaharagon +/crowdin.yml @jonaharagon +/includes/ @jonaharagon + +# Ops + +Dockerfile @jonaharagon +/Pipfile @jonaharagon +/Pipfile.lock @jonaharagon +/.github/ @jonaharagon +/run.sh @jonaharagon +/modules/ @jonaharagon + # High-traffic pages + /blog/index.md @jonaharagon @freddy-m /docs/index.md @jonaharagon @dngray /theme/home.html @jonaharagon @dngray @@ -7,14 +33,25 @@ /theme/partials/ @jonaharagon /theme/layouts/ @jonaharagon +# Financial-Related + +/docs/about/donate.md @jonaharagon @SamsungGalaxyPlayer +/docs/cryptocurrency.md @jonaharagon @SamsungGalaxyPlayer +/docs/financial-services.md @jonaharagon @SamsungGalaxyPlayer +/docs/advanced/payments.md @jonaharagon @SamsungGalaxyPlayer + # Blog authors + /blog/.authors.yml @jonaharagon @dngray @freddy-m +/blog/author/ @jonaharagon @dngray @freddy-m /blog/author/dngray.md @dngray /blog/author/freddy.md @freddy-m /blog/author/jonah.md @jonaharagon /blog/author/niek-de-wilde.md @blacklight447 # Blog posts + +/blog/posts/ @jonaharagon /blog/posts/firefox-privacy-2021-update.md @dngray /blog/posts/firefox-privacy.md @jonaharagon /blog/posts/hide-nothing.md @freddy-m @@ -27,25 +64,3 @@ /blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md @jonaharagon /blog/posts/virtual-insanity.md @freddy-m /blog/posts/welcome-to-privacy-guides.md @jonaharagon - -# Org -/docs/about/ @jonaharagon -CODE_OF_CONDUCT.md @jonaharagon -CITATION.cff @jonaharagon -LICENSE @jonaharagon @dngray -LICENSE-CODE @jonaharagon -README.md @jonaharagon @dngray - -# Config -/mkdocs.yml @jonaharagon -/mkdocs.blog.yml @jonaharagon -/crowdin.yml @jonaharagon -/includes/ @jonaharagon - -# Ops -Dockerfile @jonaharagon -/Pipfile @jonaharagon -/Pipfile.lock @jonaharagon -/.github/ @jonaharagon -/run.sh @jonaharagon -/modules/ @jonaharagon diff --git a/docs/about.md b/docs/about.md index 1157f044..3aa431ef 100644 --- a/docs/about.md +++ b/docs/about.md @@ -19,7 +19,7 @@ schema: **Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit project with a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity. Our website is free of advertisements and not affiliated with any of the listed providers. -[:material-heart:{.pg-red} Make a Donation](about/donate.md){ .md-button .md-button--primary } +[:material-heart:{.pg-red} Make a Donation](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary } [:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage } [:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } diff --git a/docs/about/donate.md b/docs/about/donate.md index 4f168a5f..fa8cfc2f 100644 --- a/docs/about/donate.md +++ b/docs/about/donate.md @@ -9,15 +9,20 @@ Privacy Guides has been a nonstop effort for over 5 years to stay up to date wit ## Donate -Currently, the best way to support our work is to send a monthly or one-time contribution via GitHub Sponsors. We will be able to accept donations via alternate payment platforms very soon. +MAGIC Grants is our fiscal host, and their custom, open-source donation platform allows you to donate to our project with **Monero**, **Bitcoin**, or **debit/credit card**. -[:material-heart:{ .pg-red } Sponsor us on GitHub](https://github.com/sponsors/privacyguides){ class="md-button md-button--primary" } +[:material-heart:{ .pg-red } Donate](https://donate.magicgrants.org/privacyguides){ class="md-button md-button--primary" } +[Sponsor on GitHub](https://github.com/sponsors/privacyguides){ class="md-button" } -A new donation platform we control to make donating easier will be deployed soon. In the meantime, if you'd like to arrange a donation (including with cryptocurrency), please reach out to [info@magicgrants.org](mailto:info@magicgrants.org). +Donating with Monero will maximize your donation by lowering our transaction fees while simultaneously [preserving your privacy](../cryptocurrency.md), win-win! You can also donate to us via GitHub Sponsors if you prefer, or if you would like to publicize your support. GitHub does not charge us any fees if you donate as an individual, but may charge us fees if you donate with a GitHub organization, if this is a concern for you. ## How We Use Donations -Privacy Guides is a **non-profit** organization. We use donations for a variety of purposes, including: +Privacy Guides is a **non-profit** project. Your donation will go to a [dedicated fund](https://magicgrants.org/funds/privacy_guides) within [MAGIC Grants](https://magicgrants.org), a 501(c)(3) organization and our fiscal host. The funds will **only** be used for this project specifically. + +You may qualify for a tax deduction. When you donate to us [here](https://donate.magicgrants.org/privacyguides) with cryptocurrency or card you have the option to receive a receipt from MAGIC Grants for this purpose. If you have questions about other transactions please email . + +We use donations for a variety of purposes, including: **Web Hosting** @@ -25,7 +30,7 @@ Privacy Guides is a **non-profit** organization. We use donations for a variety **Payroll** -: We currently have one paid part-time [position](../about.md#staff) which handles day-to-day tasks like system administration, writing regular product reviews, posting our weekly show, creating course content, etc. In the future, we would like to be able to hire full-time journalists and writers to review products and create more educational content. +: We are endeavoring to [hire](jobs.md) full-time journalists and writers to review products and create more educational content on a regular basis. **Domain Registrations** @@ -39,8 +44,6 @@ Privacy Guides is a **non-profit** organization. We use donations for a variety : We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). -Your donation will go to a [dedicated fund](https://magicgrants.org/funds/privacy_guides) within [MAGIC Grants](https://magicgrants.org), a 501(c)(3) organization. The funds will only be used for this project specifically. You may qualify for a tax deduction. If you need a donation receipt, please email . - Thank you to all those who support our mission! :material-heart:{ .pg-red } We strictly **cannot** use donations to support political campaigns/candidates or attempt to influence legislation. Earnings also will **not** inure to the benefit of any private shareholder or individual. diff --git a/docs/about/jobs.md b/docs/about/jobs.md index a3383e49..86d85497 100644 --- a/docs/about/jobs.md +++ b/docs/about/jobs.md @@ -3,7 +3,7 @@ title: Job Openings description: Privacy Guides has a small, remote team of privacy researchers and advocates. Any open positions we may have in the future will be posted here. --- -Privacy Guides has a small, remote team of privacy researchers and advocates working to further our mission of protecting free expression and promoting privacy-respecting technology. As a non-profit, we are expanding very slowly to ensure the project is sustainable in the long term. All of our team members are listed [here](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all). Please consider [donating](donate.md) to support our cause. +Privacy Guides has a small, remote team of privacy researchers and advocates working to further our mission of protecting free expression and promoting privacy-respecting technology. As a non-profit, we are expanding very slowly to ensure the project is sustainable in the long term. All of our team members are listed [here](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all). Please consider [donating](https://donate.magicgrants.org/privacyguides) to support our cause. We are occasionally looking for strong journalistic writers, product reviewers, and privacy experts to help us out, and any open positions will be posted below. diff --git a/docs/index.md b/docs/index.md index 43d208fa..17ed8b09 100644 --- a/docs/index.md +++ b/docs/index.md @@ -70,7 +70,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
**Privacy Guides** has a dedicated [community](https://discuss.privacyguides.net) independently reviewing various *privacy tools* and services. Each of our recommendations comply with a strict set of criteria to ensure they provide the most value to most people, and provide the best balance of privacy, security, and convenience. As part of a non-profit **public charity**, Privacy Guides has strict **journalistic standards** and policies to ensure our recommendations are free of conflict of interest, and we do not partner with providers or affiliate programs that could sway our reviews and recommendations. -[:material-heart:{.pg-red} Support Our Work](about/donate.md){ .md-button .md-button--primary } +[:material-heart:{.pg-red} Support Our Work](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary }
- [x] **Ad-Free Recommendations** diff --git a/mkdocs.yml b/mkdocs.yml index b28359f1..1ce6360c 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -466,7 +466,7 @@ nav: - "meta/uploading-images.md" - "meta/git-recommendations.md" - "meta/commit-messages.md" - - "about/donate.md" + - !ENV [NAV_DONATE, "Donate"]: https://donate.magicgrants.org/privacyguides - !ENV [NAV_CHANGELOG, "Changelog"]: "https://github.com/privacyguides/privacyguides.org/releases" - !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/" diff --git a/theme/main.html b/theme/main.html index 443f389f..ab042e0e 100644 --- a/theme/main.html +++ b/theme/main.html @@ -93,12 +93,12 @@ {% endif %} {% endblock %} -{% if config.theme.language == "en" %} +{% if config.theme.language == "en" and config.extra.context == "production" %} {% block announce %} We don't run ads, we don't use affiliate links, and we don't have paywalls. We rely on our readers to build this community and spread the word.
If you've received $3 worth of knowledge here, please donate today if you're able to. It really helps. - + {% include ".icons/material/heart.svg" %} From 4d7c331984dbfc1572f71ca9803e7d3998a3d97d Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Thu, 12 Dec 2024 10:26:16 -0600 Subject: [PATCH 2/7] style: Collapse blog sidebar navigation sections (#2832) Signed-off-by: Daniel Gray Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Signed-off-by: fria <138676274+friadev@users.noreply.github.com> --- blog/tags.md | 2 +- mkdocs.blog.yml | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/blog/tags.md b/blog/tags.md index 612ab842..98e6010a 100644 --- a/blog/tags.md +++ b/blog/tags.md @@ -1,3 +1,3 @@ -# Tag Index +# Tags diff --git a/mkdocs.blog.yml b/mkdocs.blog.yml index b4908986..7e3d8b5b 100644 --- a/mkdocs.blog.yml +++ b/mkdocs.blog.yml @@ -109,8 +109,6 @@ theme: - announce.dismiss - navigation.tracking - navigation.tabs - - navigation.sections - - navigation.expand - navigation.path - navigation.indexes - navigation.footer @@ -212,8 +210,8 @@ nav: - !ENV [NAV_RECOMMENDATIONS, "Recommendations"]: /en/tools/ - !ENV [NAV_BLOG, "Articles"]: - index.md - - tags.md - editorial.md + - tags.md - !ENV [NAV_ABOUT, "About"]: /en/about/ - "Donate": /en/about/donate/ - !ENV [NAV_CHANGELOG, "Changelog"]: From 091a64fbe9234d6eb1d124cd1d96f6f4ac9233d6 Mon Sep 17 00:00:00 2001 From: Jonah Aragon Date: Thu, 12 Dec 2024 17:44:04 -0600 Subject: [PATCH 3/7] docs: Close filled job openings (#2834) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> --- docs/about/jobs.md | 20 +------------------- docs/about/jobs/content-creator.md | 14 +++++++++++++- docs/about/jobs/intern-news.md | 4 ---- docs/about/jobs/journalist.md | 14 +++++++++++++- 4 files changed, 27 insertions(+), 25 deletions(-) diff --git a/docs/about/jobs.md b/docs/about/jobs.md index 86d85497..598c21d2 100644 --- a/docs/about/jobs.md +++ b/docs/about/jobs.md @@ -11,22 +11,4 @@ We are occasionally looking for strong journalistic writers, product reviewers, ## Open Positions -
- -- :material-video-box:{ .lg .middle } **Content Creator** - - --- - - Full-Time | Remote | \$20-$25/hour - - [View posting :material-arrow-right-drop-circle:](jobs/content-creator.md) - -- :material-file-document-edit:{ .lg .middle } **Journalist** - - --- - - Full-Time | Remote | \$20-$25/hour - - [View posting :material-arrow-right-drop-circle:](jobs/journalist.md) - -
+There are no open positions at this time. diff --git a/docs/about/jobs/content-creator.md b/docs/about/jobs/content-creator.md index c1b2ea9e..c6e55258 100644 --- a/docs/about/jobs/content-creator.md +++ b/docs/about/jobs/content-creator.md @@ -5,6 +5,13 @@ description: Privacy Guides is looking for a video producer and host for informa [:material-arrow-left-drop-circle: Job Openings](../jobs.md) +
+

Position Closed

+ +Thank you for your interest in this position at Privacy Guides. At this time we are no longer accepting new applications, but please follow our [job openings](../jobs.md) page to learn about future opportunities. + +
+ Are you passionate about privacy and cybersecurity? Privacy Guides is an international nonprofit dedicated to producing top-tier, unbiased educational content and journalism, and to fostering safe and informative online communities to discuss technical topics around improving personal privacy and cybersecurity. @@ -53,7 +60,12 @@ For this position, our hiring pay range falls between \$20-$25 / hour USD. The b --- -**To apply, please send a video cover letter (no more than 5 minutes) and resume to , and include the name of this position in the subject line. Feel free to include any other information or examples of your work that you think we may find relevant if you'd like.** +
+

Position Closed

+ +Thank you for your interest in this position at Privacy Guides. At this time we are no longer accepting new applications, but please follow our [job openings](../jobs.md) page to learn about future opportunities. + +
Privacy Guides is fiscally hosted by [MAGIC Grants](https://magicgrants.org), a 501(c)(3) public charity. MAGIC Grants is an equal opportunity employer. MAGIC Grants does not discriminate against any applicant or employee because of age, color, sex, disability, national origin, race, religion, sexual orientation, sexual identity, veteran status, or other protected characteristic. diff --git a/docs/about/jobs/intern-news.md b/docs/about/jobs/intern-news.md index 6bbe2846..0ee6965c 100644 --- a/docs/about/jobs/intern-news.md +++ b/docs/about/jobs/intern-news.md @@ -10,8 +10,6 @@ description: Privacy Guides is looking for an intern to discover and promote rel Thank you for your interest in this position at Privacy Guides. At this time we are no longer accepting new applications, but please follow our [job openings](../jobs.md) page to learn about future opportunities. -As of November 14, 2024, we may still be reaching out to existing candidates. If you previously applied, please keep an eye on your inbox! - Are you passionate about privacy and cybersecurity? @@ -49,8 +47,6 @@ This is a 6-month contract paying $15 / hour USD, with the optional opportunity Thank you for your interest in this position at Privacy Guides. At this time we are no longer accepting new applications, but please follow our [job openings](../jobs.md) page to learn about future opportunities. -As of November 14, 2024, we may still be reaching out to existing candidates. If you previously applied, please keep an eye on your inbox! - Privacy Guides is fiscally hosted by [MAGIC Grants](https://magicgrants.org), a 501(c)(3) public charity. MAGIC Grants is an equal opportunity employer. MAGIC Grants does not discriminate against any applicant or employee because of age, color, sex, disability, national origin, race, religion, sexual orientation, sexual identity, veteran status, or other protected characteristic. diff --git a/docs/about/jobs/journalist.md b/docs/about/jobs/journalist.md index 10fb32bd..e577fa89 100644 --- a/docs/about/jobs/journalist.md +++ b/docs/about/jobs/journalist.md @@ -5,6 +5,13 @@ description: Privacy Guides is looking for a determined and focused journalist t [:material-arrow-left-drop-circle: Job Openings](../jobs.md) +
+

Position Closed

+ +Thank you for your interest in this position at Privacy Guides. At this time we are no longer accepting new applications, but please follow our [job openings](../jobs.md) page to learn about future opportunities. + +
+ Are you passionate about privacy and cybersecurity? Privacy Guides is an international nonprofit dedicated to producing top-tier, unbiased educational content and journalism, and to fostering safe and informative online communities to discuss technical topics around improving personal privacy and cybersecurity. @@ -54,7 +61,12 @@ For this position, our hiring pay range falls between \$20-$25 / hour USD. The b --- -**To apply, please send a cover letter and resume to , and include the name of this position in the subject line. Feel free to include any other information or examples of your work that you think we may find relevant if you'd like.** +
+

Position Closed

+ +Thank you for your interest in this position at Privacy Guides. At this time we are no longer accepting new applications, but please follow our [job openings](../jobs.md) page to learn about future opportunities. + +
Privacy Guides is fiscally hosted by [MAGIC Grants](https://magicgrants.org), a 501(c)(3) public charity. MAGIC Grants is an equal opportunity employer. MAGIC Grants does not discriminate against any applicant or employee because of age, color, sex, disability, national origin, race, religion, sexual orientation, sexual identity, veteran status, or other protected characteristic. From b0830edb4a6bb4a4044e4aa57751b80cfa9ab6f0 Mon Sep 17 00:00:00 2001 From: fria <138676274+friadev@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:08:16 +0000 Subject: [PATCH 4/7] update!: Remove Hypatia, DivestOS, and Mull in light of support ending (#2839) Signed-off-by: blacklight447 Signed-off-by: Mare Polaris <15004290+ph00lt0@users.noreply.github.com> Signed-off-by: Freddy --- docs/android/distributions.md | 43 ------------------ docs/device-integrity.md | 40 ----------------- docs/mobile-browsers.md | 44 ------------------- docs/tools.md | 10 ----- theme/assets/img/android/divestos.svg | 1 - theme/assets/img/browsers/mull.svg | 1 - .../img/device-integrity/hypatia-dark.svg | 1 - theme/assets/img/device-integrity/hypatia.svg | 1 - 8 files changed, 141 deletions(-) delete mode 100644 theme/assets/img/android/divestos.svg delete mode 100644 theme/assets/img/browsers/mull.svg delete mode 100644 theme/assets/img/device-integrity/hypatia-dark.svg delete mode 100644 theme/assets/img/device-integrity/hypatia.svg diff --git a/docs/android/distributions.md b/docs/android/distributions.md index af5bfe76..2fd43ee4 100644 --- a/docs/android/distributions.md +++ b/docs/android/distributions.md @@ -19,17 +19,6 @@ schema: "@context": http://schema.org "@type": WebPage url: "./" - - - "@context": http://schema.org - "@type": CreativeWork - name: Divest - image: /assets/img/android/divestos.svg - url: https://divestos.org/ - sameAs: https://en.wikipedia.org/wiki/DivestOS - subjectOf: - "@context": http://schema.org - "@type": WebPage - url: "./" robots: nofollow, max-snippet:-1, max-image-preview:large --- Protects against the following threat(s): @@ -70,38 +59,6 @@ By default, Android makes many network connections to Google to perform DNS conn If you want to hide information like this from an adversary on your network or ISP, you **must** use a [trusted VPN](../vpn.md) in addition to changing the connectivity check setting to **Standard (Google)**. It can be found in :gear: **Settings** → **Network & internet** → **Internet connectivity checks**. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices. -### DivestOS - -If GrapheneOS isn't compatible with your phone, DivestOS is a good alternative. It supports a wide variety of phones with *varying* levels of security protections and quality control. - -
- -![DivestOS logo](../assets/img/android/divestos.svg){ align=right } - -**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org). -DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](../os/android-overview.md#verified-boot) on some non-Pixel devices. Not all supported devices support verified boot or other security features. - -[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary } -[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" } -[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title="Documentation" } -[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" } -[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title="Contribute" } - -
- -The [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) of firmware updates in particular will vary significantly depending on your phone model. While standard AOSP bugs and vulnerabilities can be fixed with standard software updates like those provided by DivestOS, some vulnerabilities cannot be patched without support from the device manufacturer, making end-of-life devices less safe even with an up-to-date alternative ROM like DivestOS. - -DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [control-flow integrity](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. - -DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. - -DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's `INTERNET` and `SENSORS` permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), Java Native Interface [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features per-network full MAC address randomization, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, automatic reboot, and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction). - -DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repository, [DivestOS Official](https://divestos.org/fdroid/official). For these apps you should continue to use F-Droid **with the DivestOS repository enabled** to keep those components up to date. For other apps, our recommended [methods of obtaining them](obtaining-apps.md) still apply. - -DivestOS replaces many of Android's background network connections to Google services with alternative services, such as using OpenEUICC for eSIM activation, NTP.org for network time, and Quad9 for DNS. These connections can be modified, but their deviation from a standard Android phone's network connections could mean it is easier for an adversary on your network to deduce what operating system you have installed on your phone. If this is a concern to you, consider using a [trusted VPN](../vpn.md) and enabling the native VPN [kill switch](../os/android-overview.md#vpn-killswitch) to hide this network traffic from your local network and ISP. - ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/docs/device-integrity.md b/docs/device-integrity.md index 9c7b5fd6..f71fdb18 100644 --- a/docs/device-integrity.md +++ b/docs/device-integrity.md @@ -187,43 +187,3 @@ It is important to note that Auditor can only effectively detect changes **after No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. - -## On-Device Scanners - -Protects against the following threat(s): - -- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } - -These are apps you can install on your device which scan your device for signs of compromise. - -
-

Warning

- -Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. - -
- -### Hypatia (Android) - -
- -![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right } -![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right } - -**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally). - -[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary } -[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" } -[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" } -[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute } - -
-Downloads - -- [:simple-fdroid: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner) - -
- -
- -Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors) for advice. diff --git a/docs/mobile-browsers.md b/docs/mobile-browsers.md index d4e16839..5307081f 100644 --- a/docs/mobile-browsers.md +++ b/docs/mobile-browsers.md @@ -262,50 +262,6 @@ These options can be found in :material-menu: → :gear: **Settings** → **Lega This disables update checks for the unmaintained Bromite adblock filter. -## Mull (Android) - -
- -![Mull logo](assets/img/browsers/mull.svg){ align=right } - -**Mull** is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references. - -[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#mull){ .md-button .md-button--primary } -[:octicons-eye-16:](https://divestos.org/pages/privacy_policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://divestos.org/pages/browsers#tuningFenix){ .card-link title="Documentation" } -[:octicons-code-16:](https://codeberg.org/divested-mobile/mull-fenix){ .card-link title="Source Code" } - -
-Downloads - -- [:simple-fdroid: F-Droid](https://f-droid.org/en/packages/us.spotco.fennec_dos) - -
- -
- -
-

Danger

- -Firefox (Gecko)-based browsers on Android [lack](https://bugzilla.mozilla.org/show_bug.cgi?id=1610822) [site isolation](https://wiki.mozilla.org/Project_Fission),[^1] a powerful security feature that protects against a malicious site performing a [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability))-like attack to gain access to the memory of another website you have open.[^2] Chromium-based browsers like [Brave](#brave) will provide more robust protection against malicious websites. - -
- -[^1]: This should not be mistaken for [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning) (or dynamic [first party isolation](https://2019.www.torproject.org/projects/torbrowser/design/#identifier-linkability)), where website data such as cookies and cache is restricted so that a third-party embedded in one top-level site cannot access data stored under another top-level site. This is an important privacy feature to prevent cross-site tracking and **is** supported by Firefox on Android. -[^2]: GeckoView also [does not](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196) take advantage of Android's native process sandboxing by using the [isolatedProcess](https://developer.android.com/guide/topics/manifest/service-element#isolated) flag, which normally allows an app to safely run less trusted code in a separate process that has no permissions of its own. - -Enable DivestOS's [F-Droid repository](https://divestos.org/fdroid/official) to receive updates directly from the developer. Downloading Mull from the default F-Droid repo will mean your updates could be delayed by a few days or longer. - -Mull enables many features upstreamed by the [Tor uplift project](https://wiki.mozilla.org/Security/Tor_Uplift) using preferences from [Arkenfox](desktop-browsers.md#arkenfox-advanced). Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid. - -### Recommended Mull Configuration - -We would suggest installing [uBlock Origin](browser-extensions.md#ublock-origin) as a content blocker if you want to block trackers within Mull. - -Mull comes with privacy protecting settings configured by default. You might consider configuring the **Delete browsing data on quit** options in Mull's settings if you want to close all your open tabs when quitting the app automatically, or clear other data such as browsing history and cookies automatically. - -Because Mull has more advanced and strict privacy protections enabled by default compared to most browsers, some websites may not load or work properly unless you adjust those settings. You can consult this [list of known issues and workarounds](https://divestos.org/pages/broken#mull) for advice on a potential fix if you do encounter a broken site. Adjusting a setting in order to fix a website could impact your privacy/security, so make sure you fully understand any instructions you follow. - ## Safari (iOS) On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Chromium engine like its counterparts on other operating systems. diff --git a/docs/tools.md b/docs/tools.md index 90c4d7d2..c159553d 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -84,14 +84,6 @@ For more details about each project, why they were chosen, and additional tips o - [Read Full Review :material-arrow-right-drop-circle:](mobile-browsers.md#cromite-android) -- ![Mull logo](assets/img/browsers/mull.svg){ .lg .middle .twemoji } **Mull (Android)** - - --- - - **Mull** is a Firefox-based browser for Android centered around privacy and removing proprietary components. - - - [Read Full Review :material-arrow-right-drop-circle:](mobile-browsers.md#mull-android) - - ![Safari logo](assets/img/browsers/safari.svg){ .lg .middle .twemoji } **Safari (iOS)** --- @@ -626,7 +618,6 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos) -- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
@@ -707,7 +698,6 @@ These tools may provide utility for certain individuals. They provide functional - ![MVT logo](assets/img/device-integrity/mvt.webp){ .twemoji loading=lazy } [Mobile Verification Toolkit](device-integrity.md#mobile-verification-toolkit) - ![iMazing logo](assets/img/device-integrity/imazing.png){ .twemoji loading=lazy } [iMazing (iOS)](device-integrity.md#imazing-ios) - ![Auditor logo](assets/img/device-integrity/auditor.svg#only-light){ .twemoji loading=lazy }![Auditor logo](assets/img/device-integrity/auditor-dark.svg#only-dark){ .twemoji loading=lazy } [Auditor (Android)](device-integrity.md#auditor-android) -- ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ .twemoji loading=lazy }![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ .twemoji loading=lazy } [Hypatia (Android)](device-integrity.md#hypatia-android) diff --git a/theme/assets/img/android/divestos.svg b/theme/assets/img/android/divestos.svg deleted file mode 100644 index 38d8520c..00000000 --- a/theme/assets/img/android/divestos.svg +++ /dev/null @@ -1 +0,0 @@ - diff --git a/theme/assets/img/browsers/mull.svg b/theme/assets/img/browsers/mull.svg deleted file mode 100644 index 485adc39..00000000 --- a/theme/assets/img/browsers/mull.svg +++ /dev/null @@ -1 +0,0 @@ - diff --git a/theme/assets/img/device-integrity/hypatia-dark.svg b/theme/assets/img/device-integrity/hypatia-dark.svg deleted file mode 100644 index f18d66a2..00000000 --- a/theme/assets/img/device-integrity/hypatia-dark.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/theme/assets/img/device-integrity/hypatia.svg b/theme/assets/img/device-integrity/hypatia.svg deleted file mode 100644 index 99c06be6..00000000 --- a/theme/assets/img/device-integrity/hypatia.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file From 1d437287b8d95b6efbabaaee9a870f2303103c27 Mon Sep 17 00:00:00 2001 From: jermanuts <109705802+jermanuts@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:09:28 +0000 Subject: [PATCH 5/7] style: VPN criteria source code better term (#2838) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/vpn.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/vpn.md b/docs/vpn.md index fe978ca0..904bd775 100644 --- a/docs/vpn.md +++ b/docs/vpn.md @@ -298,7 +298,7 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi - Support for strong protocols such as WireGuard & OpenVPN. - Killswitch built in to clients. - Multihop support. Multihopping is important to keep data private in case of a single node compromise. -- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing. - Censorship resistance features designed to bypass firewalls without DPI. **Best Case:** From 4273a1880bb50283b97ca296250fa727c23bb9d8 Mon Sep 17 00:00:00 2001 From: qiyongzheng <153378707+qiyongzheng@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:11:31 +0000 Subject: [PATCH 6/7] update: Add the link of the guide to get additional storage for Proton Drive (#2837) Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/cloud.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud.md b/docs/cloud.md index bf5cb4f6..2ad73be9 100644 --- a/docs/cloud.md +++ b/docs/cloud.md @@ -27,7 +27,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } -**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of certain steps, additional storage can be obtained up to 5GB. +**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB. [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary } [:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" } From 9851037608b16d8f88f77199a7b5dd0885ec2946 Mon Sep 17 00:00:00 2001 From: eylenburg <84839316+eylenburg@users.noreply.github.com> Date: Tue, 24 Dec 2024 14:15:03 +0000 Subject: [PATCH 7/7] update: Tidy up Cryptocurrency page and recommend places to buy Monero (#2823) Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com> Signed-off-by: fria <138676274+friadev@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/advanced/payments.md | 43 ++++++++++++++++++++-------------- docs/cryptocurrency.md | 48 +++++++++++++++++++++++++++++++------- docs/financial-services.md | 7 ++++++ 3 files changed, 72 insertions(+), 26 deletions(-) diff --git a/docs/advanced/payments.md b/docs/advanced/payments.md index 66cabba1..f8128a3b 100644 --- a/docs/advanced/payments.md +++ b/docs/advanced/payments.md @@ -3,33 +3,33 @@ title: Private Payments icon: material/hand-coin description: Your buying habits are the holy grail of ad targeting, but you still have plenty of options when it comes to making payments privately. --- -There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. +Data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. ## Cash -For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangeable. -Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Regulated exchanges, banks, and money services businesses must collect an ID for transactions exceeding $3,000. Cash contains serial numbers to assist law enforcement in targeted investigations. -Despite this, it’s typically the best option. +Despite the above, cash is typically the best option when available. ## Prepaid Cards & Gift Cards -It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. +You can easily purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout in an effort to reduce fraud. Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g.: from Visa or Mastercard) usually have limits of up to $1,000 per card. Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. -Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. +Prepaid cards usually don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. -Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. +Cash remains the best option for in-person purchases for most people. Gift cards are often sold at a discount, which make them attractive. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. ### Online Marketplaces -If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer high limits (with ID verification), but they usually allow basic, low-limit accounts with just an email address. Expect limits under $10,000 for basic accounts and significantly higher limits for ID verified accounts (if offered). -When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy (more on this below). Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. - [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) @@ -43,14 +43,14 @@ These tend to be good options for recurring/subscription payments online, while ## Cryptocurrency -Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.

Danger

-The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. +The vast majority of cryptocurrencies operate on a **transparent** blockchain, meaning that every transaction's details are public knowledge. This includes most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. -Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. +Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. Transactions are irreversible and do not include any consumer protections.
@@ -60,23 +60,25 @@ There are a number of cryptocurrency projects which purport to provide privacy b - [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#monero) -Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can trace (at least to some extent) Bitcoin Lightning Network and/or Monero transactions. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million to further develop tools to do so. Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins in their current form only succeed in thwarting mass surveillance. ### Other Coins (Bitcoin, Ethereum, etc.) -The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. +The vast majority of cryptocurrency projects use a transparent blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. -Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. +Anonymous transactions on a transparent blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, this example requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical (even for enthusiasts) for many years. ==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. ### Wallet Custody -With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. +With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. ### Acquisition -Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces, platforms which facilitate trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces (platforms which facilitate trades between people) are one option, though the user experience typically suffers. If using an exchange which requires KYC is acceptable for you as long as subsequent transactions can't be traced, it's much easier to purchase Monero on a centralized exchange or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own self-custody wallet to use privately from that point forward. + +[Recommended places to buy Monero](../cryptocurrency.md#buying-monero){ .md-button } If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. @@ -85,3 +87,10 @@ If you go this route, make sure to purchase Monero at different times and in dif When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. + +
+

Important notices

+ +The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../about/notices.md). + +
diff --git a/docs/cryptocurrency.md b/docs/cryptocurrency.md index 6b954f4f..799d62d2 100644 --- a/docs/cryptocurrency.md +++ b/docs/cryptocurrency.md @@ -40,15 +40,8 @@ Many if not most cryptocurrency projects are scams. Make transactions carefully With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. -For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: - -- [Official Monero client](https://getmonero.org/downloads) (Desktop) -- [Cake Wallet](https://cakewallet.com) (iOS, Android, macOS) - - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet for iOS and Android is available at [Monero.com](https://monero.com). -- [Feather Wallet](https://featherwallet.org) (Desktop) -- [Monerujo](https://monerujo.io) (Android) - -For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or [I2P](alternative-networks.md#i2p-the-invisible-internet-project). +
+Monero's resilience to mass surveillance In August 2021, CipherTrace [announced](https://web.archive.org/web/20240223224846/https://ciphertrace.com/enhanced-monero-tracing) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. @@ -56,8 +49,45 @@ Monero transaction graph privacy is limited by its relatively small ring signatu Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. +
+ +### Monero wallets + +For optimal privacy, make sure to use a self-custody wallet where the [view key](https://www.getmonero.org/resources/moneropedia/viewkey.html) stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your view key, the provider can see almost everything you do (but not spend your funds). Some self-custody wallets where the view key does not leave your device include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com) (iOS, Android, Desktop) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet for iOS and Android is available at [Monero.com](https://monero.com). +- [Feather Wallet](https://featherwallet.org) (Desktop) +- [Monerujo](https://monerujo.io) (Android) + +### Monero nodes + +For maximum privacy (even with a self-custody wallet), you should run your own Monero node called the [Monero daemon](https://getmonero.org/downloads/#cli). Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor, [I2P](alternative-networks.md#i2p-the-invisible-internet-project), or a VPN. + +### Buying Monero + +[General tips for acquiring Monero](advanced/payments.md#acquisition){ .md-button } + +There are numerous centralized exchanges (CEX) as well as P2P marketplaces where you can buy and sell Monero. Some of them require identifying yourself (KYC) to comply with anti-money laundering regulations. However, due to Monero's privacy features, the only thing known to the seller is _that_ you bought Monero, but not how much you own or where you spend it (after it leaves the exchange). Some reputable places to buy Monero include: + +- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1] +- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app. + - [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice. +- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service. Please note that you can only buy Monero on RetoSwap if you already own a small amount of Monero (currently a minimum of 0.11 XMR) in order to fund security deposits, although there are ongoing efforts to drop this requirement in the future. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. - Cryptocurrency must provide private/untraceable transactions by default. + +
+

Important notices

+ +The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](about/notices.md). + +
+ +[^1]: You may refer to the following pages for up-to-date information on countries in which Kraken does **not** allow the purchase of Monero: [Where is Kraken licensed or regulated?](https://support.kraken.com/hc/en-us/articles/where-is-kraken-licensed-or-regulated) and [Support for Monero (XMR) in Europe](https://support.kraken.com/hc/en-us/articles/support-for-monero-xmr-in-europe). +[^2]: You may refer to the following pages for up-to-date information on countries in which Cake Wallet and Monero.com **only** allow the direct purchase of Monero (through third-party providers): [Which countries are served by DFX?](https://docs.dfx.swiss/en/faq.html#which-countries-are-served-by-dfx) and [What are the supported countries/regions? (Guardarian)](https://guardarian.freshdesk.com/support/solutions/articles/80001151826-what-are-the-supported-countries-regions). diff --git a/docs/financial-services.md b/docs/financial-services.md index b0fc6e02..08a1870d 100644 --- a/docs/financial-services.md +++ b/docs/financial-services.md @@ -102,3 +102,10 @@ These services allow you to purchase gift cards for a variety of merchants onlin - Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). - No ID requirement. + +
+

Important notices

+ +The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](about/notices.md). + +